Security researchers have uncovered in Apple's Safari browser by Google researchers.
According to a new report from the Financial Times, the flaws were found in Safari's Intelligent Tracking Prevention feature that is designed to protect users from cross-site tracking and other online privacy issues.
The report references a new paper, written by researchers from Google's cloud team, which provides a more in-depth explanation on the vulnerabilities. In total, the researchers identified five different attacks that could occur as a result of the security flaws in Safari.
- Safari users can bypass paywalls with new private browsing mode
- Chrome, Edge and Safari all fall to hackers in Chinese contest
- Apple reversed plans for fully encrypted backups
Tracking Prevention
According to Google's researchers, the Intelligent Tracking Prevention platform left users' personal data exposed because of how it “implicitly stores information about the websites visited by the users”.
One of the security flaws discovered by the researchers could even be exploited by hackers to “create a persistent fingerprint that will follow the user around the web” while other flaws “were able to reveal what individual users were searching for on search engine pages”.
The irony is that security flaws in Apple's Intelligent Tracking Prevention platform actually made users vulnerable to the kind of tracking the feature was designed to prevent in the first place.
Google informed Apple regarding the vulnerabilities in August of last year and the iPhone maker has since fixed them. However, Google Chrome engineering director Justin Schuh recently said on Twitter that the actual vulnerabilities have not yet been fixed, so it might be best to turn off Intelligent Tracking Prevention in Safari for now.
- We've also highlighted the best VPN services
Via 9to5Mac
No comments yet.