Google researchers reveal multiple vulnerabilities in Apple browser

Netease Technology News on January 23, according to foreign media reports, Google researchers recently disclosed the “multiple security vulnerabilities” in Apple’s browser Safari. The vulnerabilities were discovered in the Safari “Smart Tracking Prevention” feature, which is designed to protect users from cross-site tracking and other online privacy issues.

It is reported that researchers from the Google cloud computing team explained these vulnerabilities in an upcoming paper. Researchers have identified five different attack methods, all of which may be due to Safari browser security holes.

Google researchers say that the smart tracking prevention system exposes personal data because it “implicitly stores information about users visiting websites.” Ironically, a security breach allowed hackers to “create a persistent fingerprint and track users on the network.” Other vulnerabilities can reveal what users are searching on search engine pages.

In essence, the security flaws of Apple’s Intelligent Tracking Prevention Platform make users more vulnerable to the end, which runs counter to its original intention. Independent security researcher Lukasz Olejnik said: “You might think that privacy-enhancing technologies pose no privacy risk, but if exploited, vulnerabilities could lead to unauthorized and uncontrolled tracking of users. “

In August 2019, Google notified Apple of these security vulnerabilities, and Apple claimed to have fixed the smart tracking prevention feature of Safari in December. Apple mentioned the fix in a blog post at the time and thanked Google for help.

Apple claims: “We want to thank Google for sending us a report in which they explored both the ability to detect when web content is treated differently through tracking prevention, and the possible negative consequences of such detection. “

Having said that, Justin Schuh, Google’s director of Chrome engineering, tweeted that despite Apple’s claim that the bugs have been fixed, this is not the case. 

Leave a Reply

Your email address will not be published. Required fields are marked *