According to the linked blog:
In this case, private mode in Safari 15 is also affected by the leak. It’s important to note that browsing sessions in private Safari windows are....
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Prepares Fix for Safari Bug Allowing Websites to Decipher Your Recent Browsing Activity
- Thread starter MacRumors
- Start date
- Sort by reaction score
In this case, private mode in Safari 15 is also affected by the leak. It’s important to note that browsing sessions in private Safari windows are....
Absolutely not. Jobs killed of Flash because it swamped iOS and stopped things working correctly. The same argument applies to random apps that make extensive use of networking and display. That’s before you even get into the business of WebKit being used as a shared resource by numerous iOS apps and services. Security would be worse on iOS if apps stopped using WebKit.
Safari gets updated with a macOS update, Safari Technology Preview on the other hand is updated on a regular basis, not with a macOS update.
Is this attack actually working across different browsers on iOS? Do, eg, Chrome and Safari on iOS use the same IndexedDB database? Because in regard to cookies for example, they are separate.
The fix is a single line of code:
if (database->identifier().origin() != origin)
continue;
if (database->identifier().origin() != origin)
continue;
Exactly. Even with the test code and documentation it is only a handful of changes. The slow part is the bureaucracy / management that is involved around code releases etc.
Safari 15.2 is out under the Software Update.
This doesn't fix the issue on iOS 15 and iPadOS 15.What do you mean Apple is preparing for a fix?
Apple just issued a fix for macOS and users can get it right here
It's not fixed in Safari 15.2. Maybe it will be in 15.3
Going to any other browser on iOS won't fix the problem because they all essentially re-skinned user interfaces on top of Safari's bones. Again, on iOS and iPadOS.What do you mean Apple is preparing for a fix?
Apple just issued a fix for macOS and users can get it right here
Safari 15.2 was released last December.
Apple security releases - Apple Support
This document lists security updates and Rapid Security Responses for Apple software.
Well, it is.
On macOS Catalina, I was able to download Safari 15 and used it for a few months.
WebKit, where this particular problem originates, is effectively a core piece of the operating system, used by browsers and numerous other apps and services. The fix does not involve a trivial update to Safari; it involves updating a core part of the operating system, so it would seem to be appropriate that the fix comes as part of an OS update.
Other companies had rollouts during the pandemic with less issues. And I doubt a high tech company like Apple have issues with remote working.
Steve Jobs had stated that internally Apple is working like a startup, where the team is actually small. Remember their remote app or something where it was just one person doing it? This tells me if there’s a big project (aka a mass scanning system needed to be rolled out in a short time), other projects might be put on hold. Apple knew this, and thus they announced supporting ios14 in WWDC. In any case, the aftermath is ios15 suffering.
Apple can simply adopt Android’s approach. First, compartmentalize the OS. In Android, the browser and system web view are separated, and each can be independently updated.
Forcing Apple to allow other browser’s engine won’t help users as the internal WebKit engine used for other built in apps or 3rd party apps using the system web view will still be affected, and users will still need to wait for iOS update.
Yes.
Oh really? I do not know. Well TheYayAreaLiving 🎗 said that a fix will be applied soon. https://forums.macrumors.com/thread...ecent-browsing-activity.2331742/post-30787163
That's just the pre-fix pretend-fix release. The Fix to fix the fix is still being prepared.What do you mean Apple is preparing for a fix?
Apple just issued a fix for macOS and users can get it right here
Google somehow managed to make updates to this "core piece of the operating system" that is built-in web rendering engine in Android, available independently of OS updates. Surely, such a big company as Apple could do the same if they only wanted.
Yes, allowing this makes code more complicated, but in the end, is better for the end user since you can patch things faster and potentially for more people (on older OS versions too).
Apples/Oranges (pardon the pun).
Android works very differently to iOS, and not necessarily in a good way. Ask the millions of users who were stuck with an implementation of Android WebKit that never actually got updated. Android encourages security fragmentation by permitting arbitrary browsers to use their own rendering engines. Apple have a different approach, one that has worked very well from a security perspective.
iOS devices generally get patched far more often than do Android devices, and host dramatically less malware. Apple probably don’t need any lessons from Android on how to keep iOS secure.