Google researchers have exposed several major security flaws in Apple’s Safari browser. According to a new report from the Financial Times, Google engineers found multiple security flaws that could have potentially allowed hackers to track users.
The flaws are to do with Safari’s Intelligent Tracking Prevention feature which is ironically designed to prevent users from getting tracked on the web.
However, due to flaws in the security design of the feature, it actually left users’ data exposed to hackers, allowing them to track the user around the web. Google researchers disclosed a total of 5 flaws in the feature to Apple, which has all already been fixed.
Apparently, the Intelligent Tracking Prevention feature left users’ personal data exposed because it implicitly stored all the sites visited by the user. In a different flaw, hackers were able to create a persistent fingerprint that can be used to follow the user around the web. Another flaw exposed what the users were searching for on search engines.
“You would not expect privacy-enhancing technologies to introduce privacy risks,” said independent security researcher Lukasz Olejnik. “If exploited or used, [these vulnerabilities] would allow unsanctioned and uncontrollable user tracking.”
Google informed Apple of the vulnerabilities back in August 2019, and Apple was quick to roll out a fix to the issue back in December, thanking Google for finding the flaws.