Apple’s latest macOS and iOS update isn’t packed full of redesigns or new features, but a major security patch that prevents malicious sites from stealing your data through Safari makes it a pretty big one.
The update applies to both macOS Monterey 12.2 and iOS 15.3 and fixes an exploit in Safari 15 that allows sites to see your recent browsing history and even identify your unique Google user ID. The bug was first discovered by FingerprintJS, who put out a blog post detailing the issue on January 14 and reported the bug to Apple’s WebKit Bug Tracker back in November.
FingerprintJS published a demo site that allowed us to see how the exploit worked, showing that some websites can see what other sites people had recently opened in different tabs. Additionally, the exploit allowed theoretical sleuths to view people’s Google IDs and profile pictures if they’re logged into any Google service, like YouTube or Gmail, in another tab. Apple patched the Safari exploit about a week after FingerprintJS’ post, releasing iOS 15.3 RC and macOS 12.2 RC on January 20, but the fixes were finalized with the official OS releases that went out yesterday.
More security patches — Alongside the Safari fix, macOS 12.2 and iOS 15.3 included a fix to a memory corruption bug that allows malicious apps to execute arbitrary code with kernel privileges. Apple said in the release notes that this bug may have been actively exploited. The two OS updates include a dozen of other security patches that Apple has addressed, which don’t show reports of being exploited in the wild.
On a lighter note, Apple included a couple more changes to the latest version of macOS Monterey that was originally released last fall. The macOS 12.2 upgrade includes improved scrolling in Safari with ProMotion on the new MacBook Pro and a new native version of the Apple Music app that has way better responsiveness throughout. For iOS 15.3, Apple also fixed an issue with the HomeKit camera thumbnails not automatically refreshing for some users.
Available now — It’s not really a sexy update from Apple for sure, but it is a vital one. I’m all for critiquing whatever Apple’s latest unnecessary redesign is, but sometimes updates are just nitty gritty — this is one of them.
You should probably update your MacBooks and iPhones just due to the Safari bug fix since it’s definitely not a good idea to leave your device vulnerable to malicious sites who want to steal your browsing history or Google ID. Both updates were already made available and you just need to update your devices through the “Software Update” option in Settings or System Preferences on iOS and macOS respectively.