Recently, Google researchers have said there are many security holes in Apple Safari web browser that allow hackers to track users’ browsing behavior. Interestingly, it can be done via a tool that had been designed to protect users’ privacy.
The flaws found in an anti-tracking tool are known as Intelligent Tracking Prevention. In fact, Google reportedly disclosed these flaws to Apple last August. Last December, Apple vaguely disclosed the security breach in a blog post and thanked Google.
The research team has identified five types of attacks that can occur due to vulnerabilities. According to reports, the vulnerabilities may allow third parties to obtain “sensitive private information about the user’s browsing habits”.
You would not expect privacy-enhancing technologies to introduce privacy risks,” said Lukasz Olejnik, an independent security researcher who has seen the paper. “If exploited or used, [these vulnerabilities] would allow unsanctioned and uncontrollable user tracking.
“While today such privacy vulnerabilities are very rare, issues in mechanisms designed to improve privacy are unexpected and highly counter-intuitive.”
The Cupertino-based company rolled out Intelligent Tracking Prevention in 2017. It came with a specific aim of protecting Safari browser users from being tracked around the web by advertisers’ and other third-parties’ cookies.
That time, it was warmly welcomed by privacy advocates as a pioneering privacy-enhancing technology for web browsers. But it also forced competitors (Google as well) to augment their own tracking controls.
Anyway, Google researchers also identified a flaw that allowed hackers to “create a persistent fingerprint that will follow the user around the web”. Others were able to reveal what individual users were searching for on search engine pages.
Apple confirmed it fixed the bugs reported by Google last year.