Skip to main content

Flaws discovered in Safari’s Intelligent Tracking Prevention let users be tracked

Google researchers discovered multiple security flaws in Apple's Safari web browser that let users' browsing habits be tracked despite Apple's Intelligent Tracking Prevention feature.

Google plans to publish details on the security flaws in the near future and a preview of Google's discovery was seen by Financial Times, with the publication sharing information on the vulnerabilities this morning.

The security flaws were first found by Google in the summer of 2019, and were disclosed to Apple in August. There were five types of potential attacks that could allow third parties to learn "sensitive private information about the user's browsing habits."

Apple’s privacy focus branches off in a variety of ways, including reducing the way websites can track individuals.

That’s due in part to its Intelligent Tracking Prevention feature baked into its web browser, Safari. However, it’s been discovered by Google researchers that a flaw in ITP made it possible for users’ browsing habits to still be tracked, even with the feature in place.

Google researchers say that Safari left personal data exposed because of the Intelligent Tracking Prevention List "implicitly stores information about the websites visited by the user." Malicious entities could use these flaws to create a "persistent fingerprint" that would follow a user around the web or see what individual users were searching for on search engine pages.

Intelligent Tracking Prevention, which Apple began implementing in 2017, is a privacy-focused feature meant to make it harder for sites to track users across the web, preventing browsing profiles and histories from being created.

A preview of the discovery was seen by Financial Times today, and the researchers say they will be publishing their discovery in the near future. According to the report, Google researchers first discovered the flaws back in the summer of 2019 and officially disclosed to Apple in August. The flaws could allow third-parties access to “sensitive private information about the user’s browsing habits”.
There were five potential threats discovered by the researchers.
The researchers say these flaws are possible in part, because Safari’s Intelligent Tracking Prevention feature “implicitly stores information about the websites visited by the user”. Attackers could use this information to create a “persistent fingerprint” that basically follows the user around as they browse the internet.
It’s worth noting here that these flaws have apparently been patched by Apple already. The company issued a software update in December of 2019 for Safari, so it looks like the issues have already been fixed.
Safari’s Intelligent Tracking Prevention started being implemented by Apple in 2017. It’s designed to limit the ability of websites to track a user as they browse the web and use search engines.
Lukasz Olejnik, a security researcher who saw Google's paper, said that if exploited, the vulnerabilities "would allow unsanctioned and uncontrollable user tracking." Olejnik said that such privacy vulnerabilities are rare, and "issues in mechanisms designed to improve privacy are unexpected and highly counter-intuitive."

Apple appears to have addressed these Safari security flaws in a December update, based on a release update that thanked Google for its "responsible disclosure practice," though full security credit has not yet been provided by Apple so there's a chance that there's still some behind-the-scenes fixing to be done.

Comments

Popular posts from this blog

1 Saudi Move & Impact On West Asian Geopolitics

  As one of the most influential players in the Middle East, Saudi Arabia's actions have far-reaching consequences for West Asian geopolitics. In recent years, we've seen several moves from this powerful nation that are shaking up traditional power dynamics and creating new alliances. From its diplomatic spat with Qatar to its growing relationship with Israel, Saudi Arabia is making bold moves that could change the face of West Asia as we know it. Join us as we dive into the geopolitical implications of Saudi Arabia's latest actions and explore what they mean for the future of this critical region. Saudi Arabia has long been a dominant force in the Middle East, wielding its oil wealth and religious influence to shape regional politics. Its alliance with the United States has given it even greater sway on the global stage, making it a key player in shaping West Asian geopolitics. However, Saudi Arabia's role in the region is not without controversy. Its support for conse...

Israeli settlers have once again attacked religious minorities in the region, this time targeting a church in East Jerusalem.

  According to reports, the settlers assaulted clerics and worshippers at the Church of the Sepulchre of Saint Charbel, causing damage to the property and injuring several people. This kind of behavior is not only unacceptable but also undermines efforts to promote peace and stability in the region. Attacks on religious minorities are a direct attack on religious freedom and must be condemned by all. The Israeli authorities must take swift action to bring the perpetrators to justice and hold them accountable for their actions. It is also important to ensure the safety and protection of religious minorities and their places of worship, as guaranteed by international law. this incident is a sad reminder of the ongoing conflict in the region and the need for a comprehensive and just solution. It is up to all of us to work together to promote understanding, tolerance, and respect for different beliefs and cultures, and to build a brighter and more peaceful future for all.

Fights break out as Kurds protest the French government's denial of a terrorist attack

  Following the murder of three Kurds in what is being considered to be a probable racist incident , there have been widespread protests in Paris. The fact that the authorities did not view the attack at a Kurdish centre as a terrorist act has enraged the Kurdish diaspora in Paris. A 69-year-old man opened fire on a crowd of individuals early on Friday morning at the Ahmet-Kaya centre on Rue d'Enghien in the 10th arrondissement. One of the three victims is badly injured. All of the dead were Kurdish community members who passed away both inside and outside the cultural centre. Agit Polat, a spokesman for the Kurdish centre, charged that French officials "yet again failed to safeguard us... This is a terrorist attack in our eyes, according to the AFP news agency. In the afternoon, a number of protestors, largely from the Kurdish diaspora, got into a fight with the police outside the centre and in the streets close by, throwing rocks and torching trash cans. Police use...