Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Monday January 27 2020, @05:16AM   Printer-friendly
from the security-is-a-process dept.

Arthur T Knackerbracket has found the following story:

Google security researchers have published details about the flaws they identified last year in Intelligent Tracking Protection (ITP), a privacy scheme developed by Apple's WebKit team for the company's Safari browser.

In December, Apple addressed some of these vulnerabilities (CVE-2019-8835, CVE-2019-8844, and CVE-2019-8846) through software updates, specifically Safari 13.0.4 and iOS 13.3. Those bugs could be exploited to leak browsing and search history and to perform denial of service attacks.

But they're not quite fixed, according to Google's boffins. In a paper [PDF] titled, "Information Leaks via Safari's Intelligent Tracking Prevention," authors Artur Janc, Krzysztof Kotowicz, Lukas Weichselbaum, and Roberto Clapis claim that the proposed mitigations "will not address the underlying problem."

And on Wednesday, Justin Schuh, Google engineering director for Chrome security and privacy, made a similar claim via Twitter. Google, he said, had found similar security flaws in a Chrome tool called XSS Auditor and had decided they were fundamentally unfixable.

"After several back and forths with the team that discovered the issue, we determined that it was inherent to the design and had to remove the code," he explained.

-- submitted from IRC


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by coolgopher on Monday January 27 2020, @06:32AM

    by coolgopher (1157) on Monday January 27 2020, @06:32AM (#949211)

    Then don't let untrusted code run in the browser by default. This is not news, people.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2