Skip to main content
  1. Home
  2. Web
  3. Computing
  4. News

Apple Safari flaw left users’ browsing activity open to being tracked

Add as a preferred source on Google
 

In a seemingly rare case of huge tech firms looking out for one another, Google has revealed that it recently informed Apple of a serious security flaw that it discovered with its Safari browser. The vulnerability could have given hackers access to a user’s online behavior, with persistent tracking of a user’s web searches also possible, Google said.

Recommended Videos

In a technical paper posted online this week, Google researchers described how they found five different kinds of potential attacks linked to the vulnerability that would have enabled third parties to gather “sensitive private information about the user’s browsing habits.”

The issue concerned Apple’s Intelligent Tracking Prevention (ITP) technology, a privacy mechanism incorporated into the Safari browser in October 2017. ITP is designed to reduce the cross-site tracking of web users by limiting the capabilities of cookies and other website data, but, ironically, the ITP vulnerability had the potential to expose browser-linked data.

Google said that the uncovered flaw put users’ data at risk as it offered access to an on-device list created by the ITP technology that “implicitly stores information about the websites visited by the user.” Lukasz Olejnik, an independent security researcher, told the Financial Times (FT) that if the weakness had been exploited or used, it would’ve paved the way for “unsanctioned and uncontrollable user tracking.”

According to the FT, Google informed Apple about the vulnerability in August 2019, prompting the company to fix it. At the end of last year, Apple engineer John Wilander acknowledged Google’s assistance in a blog post, though at the time he declined to offer any specific information about the issue.

“We’d like to thank Google for sending us a report in which they explore both the ability to detect when web content is treated differently by tracking prevention and the bad things that are possible with such detection,” Wilander wrote in the post. “Their responsible disclosure practice allowed us to design and test the changes detailed above.”

In a separate statement released this week, Google said it has always been keen to work with companies in the tech industry “to exchange information about potential vulnerabilities and protect our respective users,” explaining that Google’s core security research team had worked “closely and collaboratively with Apple on this issue.” It added,”The technical paper simply explains what our researchers discovered so others can benefit from their findings.”

We’ve reached out to Apple for more information about the security issue with its web browser and will update this article if we hear back.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
How to clear your browser cache in Chrome, Edge, Firefox, Safari, or Opera
A cluttered cache can slow you down and break websites, so here's how to clear it in every major browser in just a few seconds.
How to delete browser cache

A stocked computer cache may be convenient for logging into and out of go-to sites in seconds flat, but a major buildup of these tracking codes could significantly impact your PC’s performance. If you’ve noticed that your PC has been running rather slow of late, or you’re using a new browser and don’t know how to clear its cache, we’ve got you covered with the following guide.

Read more
How to find archived emails in Gmail and return them to your inbox
Archived emails in Gmail are easier to find than you think—once you know where Google hides them
Gmail icon on a screen.

If you’re looking to clean up your Gmail inbox, but you don’t want to delete anything permanently, then choosing the archive option is your best bet. Whenever you archive an email, it is removed from your inbox folder while still remaining accessible. Here’s how to access any emails you have archived previously, as well as how to move such messages back to your regular inbox for fast access.

Read more
Is there a Walmart Plus free trial? Get a month of free delivery
A Walmart sign on the outside of a store.

For regular Walmart shoppers, signing up for Walmart Plus is a no-brainer. It's basically Walmart's version of Amazon Prime, with subscribers unlocking free shipping on most orders, early access to discounts and new product drops (like Nintendo Switch 2 restocks), the best grocery delivery, and more. If you're always taking advantage of Walmart's bargains for the best smart home devices or the best tech products in general, but you're still not sure if you'll be able to maximize the benefits of Walmart Plus, we highly recommend claiming the free trial to the service, and we've got everything you need to know about it right here.

START YOUR FREE TRIAL

Read more