Google researchers have located multiple security flaws in Apple’s Safari web browser that allows users’ browsing habits to be tracked in spite of Apple’s Intelligent Tracking Prevention feature.
Google has stated that it plans to publish details documenting the security flaws in the near future, the company sharing information with the Financial Times on Wednesday.
The security flaws were first found by Google in the summer of 2019, and were disclosed to Apple in August. There were five types of potential attacks that could allow third parties to learn “sensitive private information about the user’s browsing habits.”
The researchers stated that the flaws left personal data exposed, in that the Intelligent Tracking Prevention List feature “implicitly stores information about the websites visited by the user.” This, in turn, allows for a “persistent fingerprint” that can follow a user around the Web or track what users are searching for on a day to day basis.
Apple implemented the Intelligent Tracking Prevention feature into Safari in 2017, which is intended to boost privacy and is meant to make it harder for sites to track users across the web, preventing browsing profiles and histories from being created.
Apple appears to have addressed these Safari security flaws in a December update, based on a release update that thanked Google for its “responsible disclosure practice,” though full security credit has not yet been provided by Apple so there’s a chance that there’s still some behind-the-scenes fixing to be done.
Via MacRumors and Financial Times