Skip to main content

Apple’s iOS 15.3 update fixes critical Safari security bug

Apple has just released iOS 15.3, and while this latest update doesn’t add any significant new features, it addresses at least one critical security flaw. Earlier this month, software engineer Martin Bajanik of FingerprintJS found a serious vulnerability in Safari 15, the browser included in iOS 15 and iPadOS 15, that could leak browsing history information and even credentials from online services that a person is using, such as Google, YouTube, Amazon, and sites using WordPress.

As Bajanik explains, many websites use an API called IndexedDB to request that browsers like Safari and Chrome store information in a local database on a person’s device. Under normal circumstances, a given website should only be able to request information about the databases that it created — any others should be invisible to it.

An iPad screen showing website data in Safari settings.
Jesse Hollington / Digital Trends

Unfortunately, it turns out the Safari browser in iOS 15 wasn’t exactly respecting those rules. Although it wasn’t giving out any information stored in those databases, it was happily providing a full list of all the local databases to any website that asked.

Recommended Videos

While this may sound relatively innocuous on the surface, the problem is that many services use sensitive information for these database names. For instance, Google uses an internal unique and user-specific identifier that allows anybody who is logged into their Google Account to be “uniquely and precisely identified.” Bajanaik notes that this Google User ID can even be fed into Google APIs to pull up public information on the account owner, such as their name and profile picture.

To make matters worse, not only does this allow a malicious website to learn a user’s identity, but it can also be used to get a list of multiple accounts owned by the same person. This could create a serious breach of privacy in situations where someone is using an anonymous account that’s not tied to their personal identity in any way. A hacker exploiting this flaw could make a connection by discovering that the same individual had information for both accounts stored in their browser.

The flaw also appears to be easy to exploit. Bajanaik explains that “a tab or window that runs in the background and continually queries the IndexedDB API for available databases, can learn what other websites a user visits in real time,” allowing hackers to collect data on targets simply by planting malicious code in a seemingly legitimate website.

Security fixes in iOS 15.3

Compared with the exciting features that arrived in the last couple major iOS releases, this week’s iOS 15.3 update may appear pretty boring, but it shouldn’t be taken lightly. In fact, it’s even more important to update to iOS 15.3 as soon as possible.

Not only does iOS 15.3 fix this particularly nasty security hole in Safari, but according to Apple’s release notes, there are nine other important security fixes, including one that Apple notes “may have been actively exploited.”

Other security vulnerabilities resolved in iOS 15.3 include an iCloud bug that could allow applications to bypass security and access a user’s files, plus several other scenarios where malicious applications could find ways to gain root privileges or arbitrarily execute code to do things they shouldn’t be permitted to do.

Jesse Hollington
Jesse has been a Mobile Writer for Digital Trends since 2021 and a technology enthusiast for his entire life — he was…
5 lost iOS features I want to see return in iOS 19
Siri being shown on an iPhone 15 Pro on iOS 18.

In the second week of June, Apple will likely give the world a glimpse of its jazzed-up operating systems at WWDC 2025, and a major redesign is expected for iOS 19. Though I’ve always yearned for a return to the skeuomorphism look, we are hearing that Apple is eying a unified aesthetic language that is more reminiscent of Vision OS running on its uber-expensive headset.

A lot of eyes and ears will hunt for AI-related announcements, especially in the wake of Apple Intelligence flubs and delays. On the more practical side of things, an AI fitness coach might land this year with the iOS 19 update. But after going through all the hype and rumors, I hope Apple brings back the following features that it abandoned years ago, but with a modern makeover: 

Read more
iOS 18.5 arrives as Apple edges closer to big iOS 19 reveal
The iOS 18.5 update waiting on an iPhone 16 Pro Max.

Apple has released iOS 18.5 and iPadOS 18.5, the latest software updates for its iPhone and iPad models. As the version numbers suggest, Apple is gradually getting closer to the announcement of iOS 19, which will almost certainly be one of the main topics during its Worldwide Developer Conference (WWDC) keynote which takes place on June 9. In the meantime, here’s what you need to know about iOS and iPadOS 18.5.

Apple iPhone and iPad owners can check their devices for the update now by opening the Settings app, tapping General, and then Software Update. If iOS 18.5 or iPadOS 18.5 is available, it’ll show up here and you only need to follow the instructions to install it. What will you find once it’s all up and running?This isn’t a big software update, so don’t expect to spot any major alterations. Likely the most obvious will be a new wallpaper in Apple’s 2025 Pride collection, which follows the recent release of a special Pride 2025-themed Sport Band for the Apple Watch. If you’re a parent and your child has an iPhone, you’ll receive a notification when the Screen Time passcode is used, provided both devices have iOS 18.5 installed. 

Read more
Your current iPhone battery could last longer with iOS 19, thanks to AI
iOS 19 leak renders with squircle icons.

Imagine downloading a software update for your current iPhone and the battery life getting extended. That could be a reality thanks to iOS 19.

According to a report by Bloomberg's Mark Gurman, we can expect iOS 19 to leverage AI in such a way as to actually improve battery life efficiency on iPhone.

Read more