Google researchers have discovered multiple security flaws in Apple’s Safari web browser’s Intelligent Tracking Prevention feature that still allowed users’ browsing to be tracked. However, it appears Apple has fixed the flaws.
Google plans to publish the details of the security flaws in the near future, and Financial Times shared information on the vulnerabilities this morning.
The flaws were discovered by Google back in the summer of 2019, and they were disclosed to Apple in August. Five types of potential attacks could allow third parties to learn “sensitive private information about the user’s browsing habits.”
Safari left personal data exposed because the Intelligent Tracking Prevention List “implicitly stores information about the websites visited by the user.” Bad actors could use the flaws to create a “persistent fingerprint” that could follow a user during their online travels and view users’ searches on search engines.
Intelligent Tracking Prevention is a privacy-focused feature that is intended to make it more difficult for sites to track a user’s travels around the web.
Apple looks to have addressed the flaws in a December Safari update. The release update thanks Google for its “responsible disclosure practice.”