Google finds security flaws in Apple’s Safari browser

Google security researchers discovered several security flaws in a privacy software in Apple web browser Safari that could have helped third-party vendors track users’ browsing habits, the Financial Times reported on Wednesday, ahead of a paper published by the researchers.
 
According to a report which cited a soon-to-be-published paper from Google’s ‘Project Zero’ team, the vulnerabilities were found in an anti-tracking feature known as ‘Intelligent Tracking Prevention’. All the six security bugs were patched with the iPhone maker’s iOS 12.4 release.
 
Once disclosed by Google researchers to Apple in August last year, the Cupertino-based iPhone maker immediately patched the flaws. Ironically, the flaws stemmed from Apple’s Intelligent Tracking Prevention (ITP) feature for Safari, first unveiled in 2017.
 
According to Google researchers, the vulnerabilities left personal data of Safari users exposed. They also found a flaw that allowed hackers to “create a persistent fingerprint that will follow the user around the web”.
 
“We’ve long worked with companies across the industry to exchange information about potential vulnerabilities and protect our respective users. Our core security research team has worked closely and collaboratively with Apple on this issue. The technical paper simply explains what our researchers discovered so others can benefit from their findings” — Google said in a statement to CNET.
 
According to a blog post in December, an Apple engineer said that the company had fixed flaws disclosed to it by Google researchers. An Apple spokesman on Wednesday confirmed that the flaws found by Google and highlighted in the Financial Times’ story were patched last year.
 

---