This article was published on January 23, 2020

Google found vulnerabilities in Apple’s Safari that allowed user tracking


Google found vulnerabilities in Apple’s Safari that allowed user tracking

In December, Apple fixed multiple bugs found in its Safari browser that allowed third-party websites to track users’ browsing habits. According to a paper published by Google’s security team, the company notified Apple of various flaws in its anti-tracking technology, Intelligent Tracking Prevention (ITP), in August.

In 2017, Apple rolled out its ITP technology, one of the most highly regarded privacy protection kits for the web around the world. The system clears out first-party cookies regularly and blocks third-party cookies by default, making it difficult for advertisers to track users.

In the paper, Google’s team noted that these vulnerabilities would’ve resulted in the third-party company getting hold of sensitive and private browsing information. The flaw even allowed a site to carry out a cross-site attack and introduce another domain into the ITP list.

In December, Apple quietly fixed the flaw and thanked the Google team without going into specifics:

We’d like to thank Google for sending us a report in which they explore both the ability to detect when web content is treated differently by tracking prevention and the bad things that are possible with such detection. Their responsible disclosure practice allowed us to design and test the changes detailed above.

Last August, the Google security team revealed that a series of web exploits targeted Uyghur Muslims in China, using existing vulnerabilities in iOS.

On the other hand, Google’s Chrome browser has been often criticized for its lack of privacy-protecting tools. Last week, the company said it is going to follow Safari and Firefox in blocking third-party cookies, but it will take two years.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with