Privacy protection: Google says Safari suffers from serious security breaches

The browsing data protection function integrated into Safari would suffer from numerous security vulnerabilities that could be exploited by hackers. It is Google which affirms it, while Apple assures that it corrected as of December the vulnerabilities discovered by its competitor.

Firefox, Chrome or Safari With each new version, the largest browsers announce that they will do more to protect the privacy of users, like lately Chrome with the blocking of cookies . At Apple, we had unveiled a function called “Intelligent Tracking Prevention”. It dates from 2017, and its objective was to counter the tracking of advertising agencies , which collect data from Internet users to better target advertisements.

This is a very good function, imitated or improved by competitors, except that Google experts have discovered that it incorporates many flaws that can be exploited by hackers. The Financial Times reveals it, based on a confidential document from Google researchers, who explain that they alerted their Apple counterparts in August to warn them of the existence of several flaws. , likely to be attacked in five different ways and to precisely recover confidential information such as the list of sites visited.

Faults corrected or not?

Apple side, it is explained that it is ancient history and that the faults were plugged in December. In an article that actually dates from December , Apple therefore recognized the existence of the flaws, and thanked Google for the help provided. 

Except that one of the experts, who had highlighted these vulnerabilities, reveals on Twitter  that the flaws still exist! As a result, the director of engineering for Google Chrome has posted the document obtained by the Financial Times, and he assures that the Apple article is misleading, and that the flaws still exist.

If this is the case, it means at the same time that Safari users are not protected, and that a hacker could access the list of blocked sites. Why not reactivate them, and thus allow advertising agencies to track Internet users.