City
Epaper

Google discovers security flaws in Apple Safari browser

By IANS | Published: January 23, 2020 10:06 AM

Google security researchers discovered several security flaws in a privacy software in Apple web browser Safari that could have helped third-party vendors track users' browsing habits.

Open in App

According to a report in the Financial Times which cited a soon-to-be published paper from Google's 'Project Zero' team, the vulnerabilities were found in an anti-tracking feature known as 'Intelligent Tracking Prevention'.

Once disclosed by Google researchers to Apple in August last year, the Cupertino-based iPhone maker immediately patched the flaws.

Apple launched the 'Intelligent Tracking Prevention' tool in 2017 to, in fact, protect Safari users from being tracked around the web by advertisers and other third-party cookies.

According to Google researchers, the vulnerabilities left personal data of Safari users exposed. They also found a flaw that allowed hackers to "create a persistent fingerprint that will follow the user around the web".

Apple confirmed it patched the issues.

This is the third time Google researchers have found flaws in the Apple ecosystem.

In September, Apple slammed Google for creating a false impression about its iPhones being at hacking risk owing to security flaws that allegedly let several malicious websites break into its iOS operating system.

Researchers at 'Project Zero' team had discovered several hacked websites that allegedly used security flaws in iPhones to attack users who visited these websites compromising their personal files, messages, and real-time location data.

In a statement, Apple said the so-called sophisticated attack was narrowly focused, not a broad-based exploit of iPhones "en masse" as described.

According to Google, the websites delivered their malware indiscriminately and were operational for years.

According to the iPhone maker, "all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not "'two years" as Google implies.

Google researchers also said they identified a vulnerability that accessed all the database files on the victim''s iPhone used by end-to-end encryption apps like WhatsApp, Telegram and iMessage.

Apple said that it fixed the vulnerabilities in question working extremely quickly to resolve the issue just 10 days after it learnt about it.

In July last year, the 'Project Zero' team found six critical flaws in Apple iMessage that can compromise the user's phone without even interacting with them. These security vulnerabilities fell into the 'interactionless' category.

Two members of 'Project Zero', Google's elite bug-hunting team, published details and demo proof-of-concept code for five of six 'interactionless' security bugs that impact the iOS operating system and can be exploited via the iMessage client.

All the six security bugs were patched with the iPhone maker's iOS 12.4 release.

( With inputs from IANS )

Open in App

Related Stories

InternationalUN chief emphasises role of youth in driving climate action, shaping urban futures

InternationalSeven killed in Israel after Hezbollah targets Metula, Haifa

InternationalTrump vows to protect Hindu Americans from radical left; strengthen ties with India

InternationalAt least 158 killed in Spain's flash floods

InternationalUS elections: Over 60 million cast early votes; Harris and Trump in tight contest in Georgia, North Carolina

टेकमेनिया Realted Stories

TechnologyCzech antitrust agency denies Westinghouse, EDF complaints over KHNP's nuclear deal

TechnologyNow filter chats with customised lists on WhatsApp

TechnologyGoogle expands split-screen Gemini functionality to more devices

TechnologyBPL Group Chairman T.P.G. Nambiar Passes Away, Top Leaders Express Condolences

TechnologyS. Korea conducts 1st interagency field training against space debris risks