News

Google exposes flaws in Apple’s privacy software

Researchers from the internet giant discovered vulnerabilities in Apple’s Intelligent Tracking Prevention tool last year.
Researchers from the internet giant discovered vulnerabilities in Apple’s Intelligent Tracking Prevention tool last year. Researchers from the internet giant discovered vulnerabilities in Apple’s Intelligent Tracking Prevention tool last year.

Google researchers have uncovered security flaws in Apple’s Safari web browser, despite the affected tool being designed to protect user privacy.

The flaws were found in a feature known as Intelligent Tracking Prevention (ITP).

It was introduced by Apple in 2017 with the specific aim of protecting users of its Safari web browser from being tracked around the web through cookies – small pieces of data created when someone visits a website.

According to Google’s research, the flaws could have allowed third parties to obtain sensitive private information about a user’s browsing habits, if they were exploited.

Google confirmed it reported the issues to Apple when they were discovered last year and Apple has confirmed the issues have since been fixed.

“We’ve long worked with companies across the industry to exchange information about potential vulnerabilities and protect our respective users,” a Google spokesman said.

“This technical paper simply explains the issue that our researchers discovered, so others can benefit from the research.

“Our core security research team reported these issues to Apple last year and they addressed them promptly.”

In a blog post in December, Apple engineer John Wilander, who works on the Intelligent Tracking Prevention feature, said: “We’d like to thank Google for sending us a report in which they explore both the ability to detect when web content is treated differently by tracking prevention and the bad things that are possible with such detection.”

He added that Google’s “responsible disclosure practice” had helped Apple design and test the necessary changes.

Upon its announcement in 2017, ITP was seen as a vital step in improving data privacy controls for users at a time when greater attention was being paid to online security.