Flaws in Apple's Intelligent Tracking Prevention Safari Feature Let People Be Tracked

safari iconGoogle researchers discovered multiple security flaws in Apple's Safari web browser that let users' browsing habits be tracked despite Apple's Intelligent Tracking Prevention feature.

Google plans to publish details on the security flaws in the near future, and a preview of Google's discovery was seen by Financial Times, with the publication sharing information on the vulnerabilities this morning.

The security flaws were first found by Google in the summer of 2019, and were disclosed to Apple in August. There were five types of potential attacks that could allow third parties to learn "sensitive private information about the user's browsing habits."

Google researchers say that Safari left personal data exposed because the Intelligent Tracking Prevention List "implicitly stores information about the websites visited by the user." Malicious entities could use these flaws to create a "persistent fingerprint" that would follow a user around the web or see what individual users were searching for on search engine pages.

Intelligent Tracking Prevention, which Apple began implementing in 2017, is a privacy-focused feature meant to make it harder for sites to track users across the web, preventing browsing profiles and histories from being created.

Lukasz Olejnik, a security researcher who saw Google's paper, said that if exploited, the vulnerabilities "would allow unsanctioned and uncontrollable user tracking." Olejnik said that such privacy vulnerabilities are rare, and "issues in mechanisms designed to improve privacy are unexpected and highly counter-intuitive."

Apple appears to have addressed these Safari security flaws in a December update, based on a release update that thanked Google for its "responsible disclosure practice," though full security credit has not yet been provided by Apple so there's a chance that there's still some behind-the-scenes fixing to be done.

Tags: Google, Safari

Top Rated Comments

SDJim Avatar
42 months ago
Oooooooooh the irony.
Score: 37 Votes (Like | Disagree)
centauratlas Avatar
42 months ago
Apple is doing a good job with privacy and it is good Google is disclosing problems. What this shows though is that no matter how good one thinks that a particular company (any) is, things can slip through the cracks.

For example, someone might think there is no way Apple could have an issue with their iCloud encryption or with the servers housing the Apple private key encrypted iCloud data and in all likelihood they'll be wrong. Trusting any centralized source like this will be a problem at some point.
Score: 19 Votes (Like | Disagree)
Mr. Awesome Avatar
42 months ago
“There were five types of potential attacks that could allow third parties to learn ‘sensitive private information about the user's browsing habits.’” said Google, everyone’s favorite data-collecting tech giant.
Score: 17 Votes (Like | Disagree)
PickUrPoison Avatar
42 months ago

Rough week for Apple---

Ah, the good'ol Safari, one of Apple's biggest software troll since Cook.

Seems like Apple has these rough weeks quite often these days. Reality is a bitch when all you've got is marketing.

....about a company who’s entire business spin is about privacy and security

What but i thought..........................


Well it was a pretty long article I guess. For those who didn’t bother reading to the end:

“Apple appears to have addressed these Safari security flaws in a December update, based on a release update ('https://webkit.org/blog/9661/preventing-tracking-prevention-tracking/') that thanked Google for its ‘responsible disclosure practice....’ ”

?
Score: 16 Votes (Like | Disagree)
Dave-Z Avatar
42 months ago

Reality is a bitch when all you've got is marketing.
So true. I used to love Apple, but since around 2015 I've had nothing but problems with their hardware and software. Their software is so buggy; I remember when things just worked and now odd glitches are a daily occurrence.

Personally I hate this Safari feature. I much rather have full control over what sites store/don't store. On my laptop and desktop I have Firefox reject all third-party cookies (there's virtually no legitimate reason to have them anyway), in addition to usual extensions to block trackers, etc. Safari is only used on my phone and this "feature" of Apple's causes problems because it's not learning the sites I visit and keeps deleting legitimate cookies for those sites so I have to login/change settings when I visit. There really should be more control for the end user but that's not the Apple way.
Score: 12 Votes (Like | Disagree)
Swift Avatar
42 months ago
Meanwhile, Google can't build a browser like Safari because they make more money on ads if they let people track you by default. Google Ads needs it.
Score: 9 Votes (Like | Disagree)

Popular Stories

iOS 17 on Phone Feature

Gurman: iOS 17 to Provide Several 'Most Requested Features'

Sunday March 26, 2023 6:05 am PDT by
Apple changed the strategy for iOS 17 later in its development process to add several new features, suggesting that the update may be more significant than previously thought, Bloomberg's Mark Gurman reports. In January, Gurman said that iOS 17 could be a less significant update than iPhone updates in previous years due to the company's intense focus on its long-awaited mixed-reality...
dynamic island

iPhone 15 Dynamic Island to Include New Integrated Proximity Sensor

Friday March 24, 2023 12:27 am PDT by
This year, all iPhone 15 models will include Apple's Dynamic Island that unifies the pill and hole cutouts at the top of the display, but there will also be a material change to the feature that wasn't included in the iPhone 14 Pro models. According to a new tweet by Apple industry analyst Ming-Chi Kuo, the proximity sensor on the iPhone 15 series will be integrated inside the Dynamic Island ...
top stories 25mar2023

Top Stories: iPhone 15 Pro Design Leak, iOS 16.4 Coming Soon, and More

Saturday March 25, 2023 6:00 am PDT by
We're still almost six months away from the official unveiling of the iPhone 15 lineup, but it seems like every day we're learning more about what to expect from the next-generation models. Notably, this week gave us our clearest look yet at what appear to be some changes for the volume and mute control hardware. iOS 16.4 and associated releases are also right around the corner with some new ...
Hero0009

Best Apple Deals of the Week: Samsung's Smart Monitor M8 Gets Massive $250 Discount, Along With Year's Best AirPods Prices

Friday March 24, 2023 10:23 am PDT by
We saw a lot of great deals on Apple products and related accessories this week, including Samsung's iMac-like Smart Monitor M8 for $250 off, a 30 percent off spring sale at Anker, and the year's best prices on numerous AirPods models. All of these deals are still available to purchase right now, so we're recapping them and more below. Note: MacRumors is an affiliate partner with some of these ...
Steve Jobs Theater dusk

Apple Reportedly Demoed Mixed-Reality Headset to Executives in the Steve Jobs Theater Last Week

Sunday March 26, 2023 5:53 am PDT by
Apple showcased its mixed-reality headset to the company's top 100 executives in the Steve Jobs Theater last week, according to Bloomberg's Mark Gurman. In the latest edition of his "Power On" newsletter, Gurman explained that the "momentous gathering" is a "key milestone" ahead of the headset's public announcement planned for June. The event was intended to rally Apple's top members of...
apple mixed reality headset concept by david lewis and marcus kane

Some Apple Employees Seriously Concerned About Mixed-Reality Headset as Announcement Draws Closer

Sunday March 26, 2023 8:25 am PDT by
Some Apple employees are concerned about the usefulness and price point of the company's upcoming mixed-reality headset, The New York Times reports. Apple headset concept by David Lewis and Marcus Kane Initial enthusiasm around the device at the company has apparently become skepticism, according to eight current and former Apple employees speaking to The New York Times. The change of tone...
iphone 14 pro max deep purple feature purple

iPhone 15 Pro Rumor Recap: 10 New Features and Changes to Expect

Thursday March 23, 2023 6:42 am PDT by
While the iPhone 15 series is still around six months away from launching, there have already been plenty of rumors about the devices. Many new features and changes have been rumored for the iPhone 15 Pro and iPhone 15 Pro Max in particular. Below, we have recapped 10 changes rumored for iPhone 15 Pro models that are not expected to be available on the standard iPhone 15 and iPhone 15 Plus:A1...
iOS 16

iOS 16.4 Will Add These 8 New Features to Your iPhone

Sunday March 26, 2023 8:06 am PDT by
Following nearly six weeks of beta testing, iOS 16.4 is expected to be released to the public as soon as this week. The software update includes a handful of new features and changes for the iPhone 8 and newer. To install an iOS update, open the Settings app on the iPhone, tap General → Software Update, and follow the on-screen instructions. Below, we have recapped eight new features and...