Flaws in Apple's Intelligent Tracking Prevention Safari Feature Let People Be Tracked

safari iconGoogle researchers discovered multiple security flaws in Apple's Safari web browser that let users' browsing habits be tracked despite Apple's Intelligent Tracking Prevention feature.

Google plans to publish details on the security flaws in the near future, and a preview of Google's discovery was seen by Financial Times, with the publication sharing information on the vulnerabilities this morning.

The security flaws were first found by Google in the summer of 2019, and were disclosed to Apple in August. There were five types of potential attacks that could allow third parties to learn "sensitive private information about the user's browsing habits."

Google researchers say that Safari left personal data exposed because the Intelligent Tracking Prevention List "implicitly stores information about the websites visited by the user." Malicious entities could use these flaws to create a "persistent fingerprint" that would follow a user around the web or see what individual users were searching for on search engine pages.

Intelligent Tracking Prevention, which Apple began implementing in 2017, is a privacy-focused feature meant to make it harder for sites to track users across the web, preventing browsing profiles and histories from being created.

Lukasz Olejnik, a security researcher who saw Google's paper, said that if exploited, the vulnerabilities "would allow unsanctioned and uncontrollable user tracking." Olejnik said that such privacy vulnerabilities are rare, and "issues in mechanisms designed to improve privacy are unexpected and highly counter-intuitive."

Apple appears to have addressed these Safari security flaws in a December update, based on a release update that thanked Google for its "responsible disclosure practice," though full security credit has not yet been provided by Apple so there's a chance that there's still some behind-the-scenes fixing to be done.

Tags: Google, Safari

Popular Stories

iPhone 17 Pro 3 4ths Perspective Aluminum Camera Module 1

New iPhone 17 Pro Details: Brighter Display, Best Battery Life, and More

Wednesday September 3, 2025 5:33 am PDT by
Apple's iPhone 17 Pro and iPhone 17 Pro Max models will feature a number of significant display, thermal, and battery improvements, according to new late-stage rumors. According to the Weibo leaker known as "Instant Digital," the iPhone 17 Pro models will feature displays with higher brightness, making it more suitable for use in direct sunlight for prolonged periods. The iPhone 16 Pro and...
iPhone 17 Pro Iridescent Feature 2

iPhone 17 and iPhone 17 Pro Prices Estimated Ahead of Apple Event Next Week

Tuesday September 2, 2025 1:50 pm PDT by
Just one week before Apple is expected to unveil the iPhone 17 series, an analyst has shared new price estimates for the devices. Here are J.P. Morgan analyst Samik Chatterjee's price estimates for the iPhone 17 series in the United States, according to 9to5Mac: Model Starting Price Model Starting Price Change iPhone 16 $799 iPhone 17 ...
Apple Watch Ultra 2 Complications

Apple Watch Ultra 3 Coming Next Week: Eight Reasons to Upgrade

Thursday September 4, 2025 7:38 am PDT by
We're only days away from Apple's "Awe dropping" fall event scheduled to take place on Tuesday, September 9 – and along with the new iPhone 17 series, we're going to get a new version of the Apple Watch Ultra for the first time since 2023. By the time the Ultra 3 is unveiled, it will have been two years since the previous model arrived. The intervening period has left plenty of room for...
iPhone 17 Pro Iridescent Feature 2

iPhone 17 Pro Clear Case Leak Reveals Three Key Changes

Sunday August 31, 2025 1:26 pm PDT by
Apple is expected to unveil the iPhone 17 series on Tuesday, September 9, and last-minute rumors about the devices continue to surface. The latest info comes from a leaker known as Majin Bu, who has shared alleged images of Apple's Clear Case for the iPhone 17 Pro and Pro Max, or at least replicas. Image Credit: @MajinBuOfficial The images show three alleged changes compared to Apple's iP...
iPhone 17 Pro Dark Blue and Orange

iPhone 17 Release Date, Pre-Orders, and What to Expect

Thursday August 28, 2025 4:08 am PDT by
An iPhone 17 announcement is a dead cert for September 2025 – Apple has already sent out invites for an "Awe dropping" event on Tuesday, September 9 at the Apple Park campus in Cupertino, California. The timing follows Apple's trend of introducing new iPhone models annually in the fall. At the event, Apple is expected to unveil its new-generation iPhone 17, an all-new ultra-thin iPhone 17...
iPhone 17 AIR Loud Feature

iPhone 17 Air Could Start at $1,099 With 256GB Storage, 1TB for $1,499

Thursday September 4, 2025 2:54 am PDT by
Apple's upcoming iPhone 17 Air will have a $1,099 starting price providing 256GB of base storage and will max out at $1,499 with a 1TB option, according to the latest TrendForce report. Apple will offer three price/storage tiers for the all-new ultra-thin iPhone 17 model, which replaces last year's iPhone 16 Plus in the lineup. Here's how TrendForce sees them breaking down: 256GB — $1099...

Top Rated Comments

SDJim Avatar
73 months ago
Oooooooooh the irony.
Score: 37 Votes (Like | Disagree)
centauratlas Avatar
73 months ago
Apple is doing a good job with privacy and it is good Google is disclosing problems. What this shows though is that no matter how good one thinks that a particular company (any) is, things can slip through the cracks.

For example, someone might think there is no way Apple could have an issue with their iCloud encryption or with the servers housing the Apple private key encrypted iCloud data and in all likelihood they'll be wrong. Trusting any centralized source like this will be a problem at some point.
Score: 19 Votes (Like | Disagree)
Mr. Awesome Avatar
73 months ago
“There were five types of potential attacks that could allow third parties to learn ‘sensitive private information about the user's browsing habits.’” said Google, everyone’s favorite data-collecting tech giant.
Score: 17 Votes (Like | Disagree)
PickUrPoison Avatar
73 months ago

Rough week for Apple---

Ah, the good'ol Safari, one of Apple's biggest software troll since Cook.

Seems like Apple has these rough weeks quite often these days. Reality is a bitch when all you've got is marketing.

....about a company who’s entire business spin is about privacy and security

What but i thought..........................


Well it was a pretty long article I guess. For those who didn’t bother reading to the end:

“Apple appears to have addressed these Safari security flaws in a December update, based on a release update ('https://webkit.org/blog/9661/preventing-tracking-prevention-tracking/') that thanked Google for its ‘responsible disclosure practice....’ ”

?
Score: 16 Votes (Like | Disagree)
Dave-Z Avatar
73 months ago

Reality is a bitch when all you've got is marketing.
So true. I used to love Apple, but since around 2015 I've had nothing but problems with their hardware and software. Their software is so buggy; I remember when things just worked and now odd glitches are a daily occurrence.

Personally I hate this Safari feature. I much rather have full control over what sites store/don't store. On my laptop and desktop I have Firefox reject all third-party cookies (there's virtually no legitimate reason to have them anyway), in addition to usual extensions to block trackers, etc. Safari is only used on my phone and this "feature" of Apple's causes problems because it's not learning the sites I visit and keeps deleting legitimate cookies for those sites so I have to login/change settings when I visit. There really should be more control for the end user but that's not the Apple way.
Score: 12 Votes (Like | Disagree)
Swift Avatar
73 months ago
Meanwhile, Google can't build a browser like Safari because they make more money on ads if they let people track you by default. Google Ads needs it.
Score: 9 Votes (Like | Disagree)