iPadOS 15 – BIG

Apple prepared a fix for a WebKit bug that could reveal users’ recent browsing history and possibly their identity. However, it’s not clear when the tech giant will release updates with the fix.

According to MacRumors, a WebKit commit (typically refers to a revision made to code) on GitHub fixes a bug. However, Apple has not said when users could expect macOS, iOS or iPadOS updates to arrive with the fix. A January 14th blog post from FingerprintJS noted that the bug was reported to Apple on November 28th, 2021.

MacRumors previously reported about the bug on January 16th, which involves a JavaScript API called IndexedDB, a commonly-used tool for storing data on people’s computers. Specifically, the bug exists in the way WebKit — the open-source engine powering Apple’s Safari browser — implemented IndexedDB.

In short, the bug allows any website that uses IndexedDB to access the names of IndexedDB databases generated by other websites. Put another way, a website can access a list of other websites you’ve visited (even from different tabs or windows) if they’ve stored data using this API. Typically, browsers apply same-origin policy to IndexedDB to prevent sites from accessing anything outside of their own IndexedDB database.

Moreover, sometimes websites include unique user-specific identifiers in IndexedDB database names. MacRumors pointed to YouTube as an example, which creates databases that include users’ authenticated Google User ID in the name. Malicious actors could use this identifier to fetch personal information about users through Google APIs, such as their profile picture or name.

The WebKit bug affects Safari on macOS Monterey, iOS 15 and iPadOS 15. On iOS and iPadOS, Apple also forces third-party browsers to use the WebKit engine — that means browsers like Chrome and Edge running on iOS/iPadOS 15 are also affected. However, the bug doesn’t affect older versions of macOS, or iOS and iPadOS 14.

Ultimately, that means iOS and iPadOS users can’t really do anything to protect themselves from the bug beyond installing the software patch whenever Apple makes it available. For macOS users, however, switching to another browser would work.

Those interested in learning more about the bug should check out a deep-dive on it from FingerprintJS.

Source: MacRumors, (2), FingerprintJS

Alongside the new iOS 15, Apple is also rolling out the latest versions of iPadOS and watchOS to the public.

iPadOS 15 brings many of the same improvements we’ve seen in iOS 15, like copy/paste in images, FaceTime updates and more. But beyond that, there are a few new features that are only coming to the iPad.

This includes a new quick note feature, more widget controls and some pretty substantial improvements to make multitasking easier. You can read more about the changes in iPadOS 15 here.

This update is being delivered to iPads as old as the iPad Air 2 and the iPad mini 4. You can download the update by navigating to the ‘General’ section of the Settings app and selecting ‘Software Update.’

watchOS 8

The new watchOS improvements are fairly subtle as well. This year, Apple’s added a new Mindfulness app, some more workouts and a new watch face that places the clock between a subject and the background for a really fun effect.

There are also revamped smart home controls, the ability to set multiple timers and more apps now support the always-on display of the Series 5, Series 6 and Series 7. You can read more about these updates and more in our prior coverage.

This update is rolling out to Apple watches as old as the Series 3. To update your Apple Watch, open the Watch app on your iPhone, choose ‘General’ and from there, select ‘Software Update.’