Google Researchers Disclose Privacy Flaws in Apple’s Safari Browser

Google researchers have exposed several major security flaws in Apple’s Safari browser. According to a new report from the Financial Times, Google engineers found multiple security flaws that could have potentially allowed hackers to track users.

The flaws are to do with Safari’s Intelligent Tracking Prevention feature which is ironically designed to prevent users from getting tracked on the web.

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

[ad unit=’in_content_premium_block’]

However, due to flaws in the security design of the feature, it actually left users’ data exposed to hackers, allowing them to track the user around the web. Google researchers disclosed a total of 5 flaws in the feature to Apple, which has all already been fixed.

Apparently, the Intelligent Tracking Prevention feature left users’ personal data exposed because it implicitly stored all the sites visited by the user. In a different flaw, hackers were able to create a persistent fingerprint that can be used to follow the user around the web. Another flaw exposed what the users were searching for on search engines.

“You would not expect privacy-enhancing technologies to introduce privacy risks,” said independent security researcher Lukasz Olejnik. “If exploited or used, [these vulnerabilities] would allow unsanctioned and uncontrollable user tracking.”

Google informed Apple of the vulnerabilities back in August 2019, and Apple was quick to roll out a fix to the issue back in December, thanking Google for finding the flaws.

Tagged with

Share post

Please check our Community Guidelines before commenting

Conversation 8 comments

  • gmalom

    22 January, 2020 - 2:51 pm

    <p>This is very sad :(</p>

  • bob_shutts

    22 January, 2020 - 3:11 pm

    <p>I use Duck Duck Go security add-ons. I don’t know if this helps or not. Can’t hurt I guess. </p>

    • lvthunder

      Premium Member
      22 January, 2020 - 5:05 pm

      <blockquote><em><a href="#515123">In reply to Bob_Shutts:</a></em></blockquote><p>It all depends on if they have security issues of their own.</p>

      • bob_shutts

        22 January, 2020 - 6:24 pm

        <blockquote><a href="#515157"><em>In reply to lvthunder:</em></a><em> Hmmmm. Didn't think of that!</em></blockquote><p><br></p>

  • rm

    23 January, 2020 - 8:26 am

    <p>Not that Apple is horrible with security, but the worst program they ever made from the standpoint of security was iTunes on Windows. It had about as many security issues as JAVA client, Flash, and ActiveX controls. And it was a program, not a technology used by programs (like the others are). I still feel that was intentional on Apples part because they were running the I'm a Mac, I'm a PC commercials at the same time. So, iTunes was effectively a trojan horse to gain market share from Windows.</p>

  • youwerewarned

    23 January, 2020 - 12:23 pm

    <p>Anyone wonder why Google is looking for privacy lapses in Apple's products? And if they revealed all of them? Of course you don't…</p>

    • innitrichie

      23 January, 2020 - 1:32 pm

      <blockquote><em><a href="#515329">In reply to YouWereWarned:</a></em></blockquote><p><br></p><p>Good point :)</p>

  • stevek

    23 January, 2020 - 8:59 pm

    <p>I thought Google had a policy of releasing information about security flaws 90 days after disclosure to the company that would supply the fix?</p><p><br></p><p>If they informed Apple of it in Aug of 2019, that would be public disclosure in Nov; yet Apple didn't release a fix till December and Google didn't go public with it until January…about 6 months (180 days) after disclosure?</p><p><br></p><p>Is the 90 policy only for bugs in Microsoft Products?</p>

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Thurrott © 2024 Thurrott LLC