a Team of cyber security Google has discovered a series of major vulnerabilities in Safari. According to experts, many defects were found in Intelligent Tracking Prevention (ITP) – built-in browser Apple system tracking protection.
This feature was introduced in Safari in 2017. ITP is designed for blocking web-bugs that track the movement of users between sites. However, it turned out that Apple itself can serve as a tool of surveillance, writes The Financial Times.
Google has described five scenarios in which attackers could take advantage of bugs in Safari. Ironically, experts said, ITP is “implicitly stores information about visited sites”, which allows hackers to create a unique digital fingerprint and monitor the activity of a particular user. In addition, due to other shortcomings in the system of Apple you can get information about search queries.
Google Engineers advised developers Safari the error in August last year. Apple representatives said in a blog that the vulnerability was fixed in December, and thanked colleagues for help.
It has not. I explained elsewhere that Apple’s blog post was confusing to the team that provided the report. The post was made during a disclosure extension Apple had requested, but didn’t disclose the vulnerabilities, and the changes mentioned didn’t fix the reported issues.
– Justin Schuh ∎∎∎∎ (@justinschuh) January 22, 2020.
However, this week the head of the team of developers of Google Chrome, Justin Schuh wrote that blog Apple problem misinterpreted, and mistakes are still not fixed. Representatives of the company, his words not comment.