Google Researchers Disclose Privacy Flaws in Apple’s Safari Browser

Posted on January 22, 2020 by Mehedi Hassan in Apple, Apple Safari, Google, Web browsers with 8 Comments

Google researchers have exposed several major security flaws in Apple’s Safari browser. According to a new report from the Financial Times, Google engineers found multiple security flaws that could have potentially allowed hackers to track users.

The flaws involve Safari’s Intelligent Tracking Prevention feature, which is, ironically, designed to prevent users from being tracked on the web.

However, due to flaws in the security design of the feature, it actually left users’ data exposed to hackers, allowing them to track the user around the web. Google researchers disclosed a total of 5 flaws in the feature to Apple, all of which have already been fixed.

Apparently, the Intelligent Tracking Prevention feature left users’ personal data exposed because it implicitly stored all the sites visited by the user. In a different flaw, hackers were able to create a persistent fingerprint that could be used to follow the user around the web. Another flaw exposed what users were searching for on search engines.

“You would not expect privacy-enhancing technologies to introduce privacy risks,” said independent security researcher Lukasz Olejnik. “If exploited or used, [these vulnerabilities] would allow unsanctioned and uncontrollable user tracking.”

Google informed Apple of the vulnerabilities back in August 2019, and Apple was quick to roll out a fix to the issue back in December, thanking Google for finding the flaws.



Comments (8)


  1. gmalom

    This is very sad :(

  2. bob_shutts

    I use Duck Duck Go security add-ons. I don’t know if this helps or not. Can’t hurt I guess.

  3. rm

    Not that Apple is horrible with security, but the worst program they ever made from the standpoint of security was iTunes on Windows. It had about as many security issues as JAVA client, Flash, and ActiveX controls. And it was a program, not a technology used by programs (like the others are). I still feel that was intentional on Apple's part because they were running the I'm a Mac, I'm a PC commercials at the same time. So, iTunes was effectively a trojan horse to gain market share from Windows.

  4. youwerewarned

    Anyone wonder why Google is looking for privacy lapses in Apple's products? And if they revealed all of them? Of course you don't...

  5. stevek

    I thought Google had a policy of releasing information about security flaws 90 days after disclosure to the company that would supply the fix?

    If they informed Apple of it in Aug of 2019, that would be public disclosure in Nov; yet Apple didn't release a fix till December and Google didn't go public with it until January...about 6 months (180 days) after disclosure?

    Is the 90 policy only for bugs in Microsoft Products?