Google Researchers Disclose Privacy Flaws in Apple’s Safari Browser

Posted on January 22, 2020 by Mehedi Hassan in Apple, Apple Safari, Google, Web browsers with 8 Comments

Google researchers have exposed several major security flaws in Apple’s Safari browser. According to a new report from the Financial Times, Google engineers found multiple security flaws that could have potentially allowed hackers to track users.

The flaws are to do with Safari’s Intelligent Tracking Prevention feature which is ironically designed to prevent users from getting tracked on the web.

However, due to flaws in the security design of the feature, it actually left users’ data exposed to hackers, allowing them to track the user around the web. Google researchers disclosed a total of 5 flaws in the feature to Apple, which has all already been fixed.

Apparently, the Intelligent Tracking Prevention feature left users’ personal data exposed because it implicitly stored all the sites visited by the user. In a different flaw, hackers were able to create a persistent fingerprint that can be used to follow the user around the web. Another flaw exposed what the users were searching for on search engines.

“You would not expect privacy-enhancing technologies to introduce privacy risks,” said independent security researcher Lukasz Olejnik. “If exploited or used, [these vulnerabilities] would allow unsanctioned and uncontrollable user tracking.”

Google informed Apple of the vulnerabilities back in August 2019, and Apple was quick to roll out a fix to the issue back in December, thanking Google for finding the flaws.

Tagged with , ,

Elevate the Conversation!

Join Thurrott Premium to enjoy our Premium comments.

Premium member comments on news posts will feature an elevated status that increases their visibility. This tab would allow you to participate in Premium comments with other premium members. Register to join the other Premium members in elevating the conversation!

Register or Subscribe

Join the discussion!

BECOME A THURROTT MEMBER:

Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Register