Google security researchers have disclosed vulnerabilities that are currently in Apple’s Safari web browser. Specifically, the company says there are issues in the Intelligent Tracking Protection technology Apple uses to protect users from third party tracking.
In a case of irony, Google has found Intelligent Tracking Protection could be doing the exact opposite of its remit. Researchers say the service is actually allowing third parties to track Safari users. In a report published in the Financial Times (FT), Google said the details of the research will be published soon.
According to the research, there are five ways an attacker could exploit the vulnerabilities in ITP. Each of the methods would allow third parties to get “sensitive private information about the user’s browsing habits”.
It’s an interesting situation because Apple has long boasted about its relative user security compared to other companies.
One feature within the ITP technology is designed to store website data when a user visits the site. A problem in this feature could allow hackers to “create a persistent fingerprint that will follow the user around the web,” according to the report.
As mentioned, Apple has built user trust by claiming to be different from other companies. While vulnerabilities like this question the quality of the company’s efforts, the problems may not through into question the validity.
There may be a vulnerability, but Apple’s ethos of wanting to protect user privacy seems to be intact.
Either way, the company says it has already fixed this problem and was aware of them already.
This was confirmed in a blog post by Apple privacy engineer John Wilander, who thanked Google researchers “for sending us a report in which they explore both the ability to detect when web content is treated differently by tracking prevention and the bad things that are possible with such detection,” he wrote.