Flaws in Apple's Intelligent Tracking Prevention Safari Feature Let People Be Tracked
Google researchers discovered multiple security flaws in Apple's Safari web browser that let users' browsing habits be tracked despite Apple's Intelligent Tracking Prevention feature.
Google plans to publish details on the security flaws in the near future, and a preview of Google's discovery was seen by Financial Times, with the publication sharing information on the vulnerabilities this morning.
The security flaws were first found by Google in the summer of 2019, and were disclosed to Apple in August. There were five types of potential attacks that could allow third parties to learn "sensitive private information about the user's browsing habits."
Google researchers say that Safari left personal data exposed because the Intelligent Tracking Prevention List "implicitly stores information about the websites visited by the user." Malicious entities could use these flaws to create a "persistent fingerprint" that would follow a user around the web or see what individual users were searching for on search engine pages.
Intelligent Tracking Prevention, which Apple began implementing in 2017, is a privacy-focused feature meant to make it harder for sites to track users across the web, preventing browsing profiles and histories from being created.
Lukasz Olejnik, a security researcher who saw Google's paper, said that if exploited, the vulnerabilities "would allow unsanctioned and uncontrollable user tracking." Olejnik said that such privacy vulnerabilities are rare, and "issues in mechanisms designed to improve privacy are unexpected and highly counter-intuitive."
Apple appears to have addressed these Safari security flaws in a December update, based on a release update that thanked Google for its "responsible disclosure practice," though full security credit has not yet been provided by Apple so there's a chance that there's still some behind-the-scenes fixing to be done.
Popular Stories
Apple today confirmed to Reuters that it has acquired Q.ai, an Israeli startup that is working on artificial intelligence technology for audio.
Apple paid close to $2 billion for Q.ai, according to sources cited by the Financial Times. That would make this Apple's second-biggest acquisition ever, after it paid $3 billion for the popular headphone and audio brand Beats in 2014.
Q.ai has...
Apple today introduced its first two physical products of 2026: a second-generation AirTag and the Black Unity Connection Braided Solo Loop for the Apple Watch.
Read our coverage of each announcement to learn more:Apple Unveils New AirTag With Longer Range, Louder Speaker, and More
Apple Introduces New Black Unity Apple Watch BandBoth the new AirTag and the Black Unity Connection Braided...
Alongside iOS 26.2.1, Apple today released an updated version of iOS 12 for devices that are still running that operating system update, eight years after the software was first released.
iOS 12.5.8 is available for the iPhone 5s and the iPhone 6, meaning Apple is continuing to support these devices for 13 and 12 years after launch, respectively. The iPhone 5s came out in September 2013,...
Update: Apple Creator Studio is now available.
Apple Creator Studio launches this Wednesday, January 28. The all-in-one subscription provides access to the Final Cut Pro, Logic Pro, Pixelmator Pro, Motion, Compressor, and MainStage apps, with U.S. pricing set at $12.99 per month or $129 per year.
A subscription to Apple Creator Studio also unlocks "intelligent features" and "premium...
On an earnings call with equity analysts today, Apple CEO Tim Cook responded to fast-rising RAM and SSD storage chip prices in the supply chain.
Prices for RAM and NAND storage chips are surging lately due to high demand from companies building out AI servers, resulting in supply constraints.
Cook said that rising memory chip prices had a "minimal impact" on Apple's gross margin in the...
