While analysing the operation of the Safari browser, the developers discovered a critical flaw in the application code. It turns out that unknowingly, the programmers made a mistake while implementing the IndexedDB API in the browser, which is used by almost every page on the Internet. For this reason, information about the pages viewed by users using the Safari browser on iOS 15, iPadOS 15 and macOS Monterey is at risk. Users of Safari on other versions of systems can feel safe.

The error allows for passing information about the viewed pages to all sources related to the database. This state of affairs means that from the level of almost every website that uses IndexedDB, you can access user activity in Safari on all websites. Apple is aware of this problem and is already working on a solution. On the part of users, a temporary solution may be to disable JavaScript on pages viewed in Safari or to temporarily change the browser to another one.