The Financial Times reported that Google researchers have revealed details of multiple security vulnerabilities in Apple's Safari web browser, which are holes that allow tracking user behavior in browsing, even though the vulnerability tool is specifically designed to protect their privacy.

 The British newspaper added that Google announced the loopholes - which were found ridiculously in the anti-tracking feature known as "Intelligent Tracking Prevention" - the first time last August.

 In a paper to be published soon by the Financial Times, researchers in the Google Cloud team have since identified five different types of potential attacks that could be caused by vulnerabilities, allowing external parties to obtain “sensitive private information about a user’s browsing habits”  .

 "You will not expect privacy-enhancing technologies to lead to privacy risks," the newspaper quoted the independent security researcher who also viewed the paper (Lucas Olegnick) as saying.  He added, "If it is exploited or used, then [these weaknesses] allow the user to be tracked without acknowledgment and cannot be controlled."  He continued, "While these privacy gaps are very rare today, the problems with mechanisms designed to improve privacy are very unexpected and intuitive."

 Apple launched the "Smart Tracking Protection" feature in 2017, with the specific goal of protecting Safari users from being tracked across the web by advertisers and third-party cookies.  Privacy advocates view the tool as a leading technology for enhancing privacy for web browsers, and competitors, including Google's Chrome browser, have been forced to improve their tracking elements.

 According to Google researchers, the vulnerabilities left personal data exposed "because the (Smart Tracking Protection) list implicitly stores information about websites the user has visited."  The researchers also identified a flaw that allowed hackers to “create a consistent fingerprint that would follow the user across the web,” while others were able to reveal what individual users were searching for on search engine pages.

 Apple fixed the security vulnerabilities - without revealing any details - last December, when privacy engineer (John Welder) posted a post about security updates for the browser.  In the post, Wilander thanked Google researchers for discovering the vulnerability.

 It is noteworthy that this is the second time in the past year that Google researchers revealed security holes in Apple's programs. In August, researchers discovered that a number of malicious websites - which were used to penetrate iPhone phones over two years - targeted Uighur Muslims in China  .

Post a Comment

Previous Post Next Post
Surface Laptop Available in Four Colors