Distribution of 'iOS 15.3' has started, and the vulnerability of leaking Google account information from Safari has been fixed.

On January 26, 2022, iOS 15.3 was released. No new features have been added, but this update includes bug fixes, security enhancements, and performance improvements.

About the security content of iOS 15.3 and iPadOS 15.3 --Apple Support (Japan)


iOS 15.3 now available: Here's what's new --9to5Mac

The biggest impact of iOS 15.3 is that a bug in Safari fixes a vulnerability that allows Google account information to be leaked to websites. This vulnerability exists in the newly added data storage API ' IndexedDB API ' in Safari 15 , and every time a website interacts with the database, it browses the information of the database created by another website. You can do it. It has been pointed out that this could allow a malicious person to snoop on the user ID of a Google account or use the Google API to obtain public personal information of the account owner.

Google account name leaked vulnerability found in Safari, problem reported to Apple but unsupported-GIGAZINE

This vulnerability, discovered by security company Fingerprint JS and reported to Apple on November 28, 2021, will be fixed in an update to iOS 15.3.

To update, first tap 'General' in the 'Settings' app.

Then tap 'Software Update'.

Confirm that the update content is iOS 15.3, and tap 'Download and install' to start downloading the update. The size of the update file is 1.06GB.

After the download is complete, tap 'Install Now' to complete the update.

In addition to iOS 15.3, iPadOS 15.3 and watchOS 8.4 will be delivered this time.

in Software,   Security, Posted by log1p_kr