Google finds 5 privacy vulnerabilities in Safari’s privacy tools


Apple's innovative Intelligent Tracking Prevention feature had some big flaws.
Photo: Apple

Google’s security researchers unearthed some huge security vulnerabilities in Safari that let users’ online behavior to be tracked.

Ironically, the researchers found the vulnerabilities in the Intelligent Tracking Prevention feature Apple added in 2017 to shield users from tracking in the first place.

Full details of the report remain unreleased, but The Financial Times got an early look at the findings. Google’s team discovered five possible attacks that would allow hackers to gain private info on users’ browsing habits.

Google spots Safari’s flaws

Intelligent Tracking Prevention is heavily promoted on Apple's Safari website
Intelligent Tracking Prevention is heavily promoted on Apple’s Safari website.
Photo: Apple

This marks the second time in a year that Google’s security research team found a major security flaw in Apple software. The company discovered 14 exploits that hackers could use to obtain iPhone users’ private data last year.

Google’s researchers said the fact that Intelligent Tracking Prevention runs its algorithm on your iPhone makes the leak of information possible. The team found a way to access information about websites visited by the iPhone. They also created a “persistent fingerprint” to follow them around the web.

“You would not expect privacy-enhancing technologies to introduce privacy risks,” said Lukasz Olejnik, a security researcher who talked Financial Times. “If exploited or used, [these vulnerabilities] would allow unsanctioned and uncontrollable user tracking.”

Apple declined to comment on the story. The company issued fixes for the flaws back in December. John Wilander, Apple’s engineer behind Safari’s Intelligent Tracking Prevention, credited Google’s team for its report in a blog post at the end of last year.