Following the discovery of a series of iPhone security flaws, Google is set to make public a new set of vulnerabilities it found in Apple Safari. According to an exclusive FT report, Google researchers have hunted down a series of security holes that can help hackers track users' internet behavior.
Paradoxically, the flaws were found in the Safari browser's anti-tracking tool, which was specially crafted to protect the privacy of Apple product users, the report says.
Debuted in 2017, Apple's Anti Tracking Prevention tool is supposed to protect Safari browser users' privacy by keeping them untraceable by third-party cookies. Online advertisers effectively use such cookies to track users' online behavior.
Researchers from Google's Cloud team have found five unique attack methods that can exploit the discovered vulnerabilities. The vulnerabilities can let third-party cookies retrieve sensitive information about users' online behavior.
The Google researchers asserted in a yet-to-be-published research paper that the Internet Tracking Prevention (ITP) of Safari stores information about the websites a user visits. They also found that a cybercriminal can develop a user-specific signature by exploiting an existing flaw, which would let them track victims wherever they go.
Google has already reported this critical issue to Apple, and the company has taken the necessary steps to fix the problem. The patch was released in December 2019, after which John Wilander, a privacy engineer at Apple, thanked Google for reporting the issue.
"We'd like to thank Google for sending us a report in which they explore both the ability to detect when web content is treated differently by tracking prevention and the bad things that are possible with such detection," Wilander wrote in his post published on December 10, 2019.
"ITP now downgrades all cross-site request referrer headers to just the page's origin. Previously, this was only done for cross-site requests to classified domains," he added.