According to an exclusive report by the Financial Times, researchers at Google have exposed several security flaws in Apple’s Safari browser which allowed the hackers to track users’ browsing behaviour, despite the tool’s strict privacy protection features.
Back in 2017, Apple rolled out Intelligent Tracking Prevention with the specific aim of protecting Safari browser users from being tracked around the web by advertisers and other third-party cookies.
However, the researchers have disclosed five types of potential attacks that could happen because of the vulnerabilities identified in Apple’s anti-tracking feature.
“You would not expect privacy-enhancing technologies to introduce privacy risks,” said Lukasz Olejnik, an independent security researcher. “If exploited or used, [these vulnerabilities] would allow unsanctioned and uncontrollable user tracking.”
According to Google researchers, the vulnerabilities left personal data exposed “because the ITP list implicitly stores information about the websites visited by the user”.
The researchers also identified a flaw that allowed hackers to “create a persistent fingerprint that will follow the user around the web”, while others were able to reveal what individual users were searching for on search engine
pages.
Apple eventually addressed the security flaws in December, without revealing any details to the public.
