Σύμφωνα με ερευνητές, οι ευπάθειες θα μπορούσαν να επιτρέψουν την παρακολούθηση της διαδικτυακής συμπεριφοράς των χρηστών. Αυτό σημαίνει ότι αν κάποιος εκμεταλλευόταν τις ευπάθειες, θα μπορούσε να δει όλες τις δραστηριότητες του χρήστη, τα site που επισκέπτεται κλπ. Οι ευπάθειες εντοπίστηκαν σε ένα εργαλείο του Safari browser, το οποίο είναι σχεδιασμένο για την ενίσχυση της προστασίας της ιδιωτικής ζωής. Ωστόσο, λόγω των ευπαθειών, τρίτες εταιρείες μπορούσαν να αποκτήσουν ευαίσθητες πληροφορίες σχετικά με την περιήγηση και όλες τις κινήσεις των χρηστών στο διαδίκτυο.Η έκθεση των ερευνητών αναφέρει ότι οι ευπάθειες του Safari έδιναν τη δυνατότητα στους hackers να παρακολουθήσουν το ιστορικό αναζήτησης και τη δραστηριότητα των χρηστών, ενώ επέτρεπαν και στα websites να παρακολουθούν τους χρήστες. Η ειρωνεία στην όλη υπόθεση είναι ότι οι ευπάθειες εντοπίστηκαν στο χαρακτηριστικό Intelligent Tracking Prevention (ITP) της Apple, που εισήχθη στον Safari το 2017.
Το Δεκέμβριο, ένας μηχανικός της Apple δήλωσε σε ένα blog post ότι η εταιρεία διόρθωσε τις ευπάθειες. Εκπρόσωπος επίσης της Apple κλήθηκε να μιλήσει για το συγκεκριμένο θέμα και επιβεβαίωσε ότι τα σφάλματα έχουν διορθωθεί...
https://www.secnews.gr/209158/safari-efpatheies-apple-google/
End of story? Wait a minute...
On the Dec. 10 post, John Wilander had said, "We have devised three ITP enhancements that not only fight detection of differing treatment but also improve tracking prevention in general." Cookies was one of the issues addressed. Wilander said, "ITP will now block all third-party requests from seeing their cookies, regardless of the classification status of the third-party domain, unless the first-party website has already received user interaction." Another of the enhancements was downgrading referrer headers. "ITP now downgrades all cross-site request referrer headers to just the page's origin. Previously, this was only done for cross-site requests to classified domains.
https://techxplore.com/news/2020-01-safari-tracking.html
Το Δεκέμβριο, ένας μηχανικός της Apple δήλωσε σε ένα blog post ότι η εταιρεία διόρθωσε τις ευπάθειες. Εκπρόσωπος επίσης της Apple κλήθηκε να μιλήσει για το συγκεκριμένο θέμα και επιβεβαίωσε ότι τα σφάλματα έχουν διορθωθεί...
https://www.secnews.gr/209158/safari-efpatheies-apple-google/
End of story? Wait a minute...
On the Dec. 10 post, John Wilander had said, "We have devised three ITP enhancements that not only fight detection of differing treatment but also improve tracking prevention in general." Cookies was one of the issues addressed. Wilander said, "ITP will now block all third-party requests from seeing their cookies, regardless of the classification status of the third-party domain, unless the first-party website has already received user interaction." Another of the enhancements was downgrading referrer headers. "ITP now downgrades all cross-site request referrer headers to just the page's origin. Previously, this was only done for cross-site requests to classified domains.
- Alfred Ng reporting for CNET talked about a tweet from Google Chrome engineering director Justin Schuh that Apple has not fixed certain Safari tracking prevention problems. Schuh had tweeted: "It has not. I explained elsewhere that Apple's blog post was confusing to the team that provided the report. The post was made during a disclosure extension Apple had requested, but didn't disclose the vulnerabilities, and the changes mentioned didn't fix the reported issues."
- Rami Tabari, Laptop Mag, said, "a number of the issues discussed in this paper were addressed in Safari 13.0.4 and iOS 13.3, which released in December 2019." Yet Laptop Mag's subhead: "Apple fixed it, but there's still a threat."
- At the time of this writing, Silicon.co.uk reported that Apple fixed Safari's tracking flaws but the Google engineer disagreed. Tom Jowitt explained that it seemed as though the Google engineer did not think that Apple actually patched the problem.
- Also, at the time of this writing, Bloomberg had this to say: "Wednesday's paper concluded that the problems go beyond the issues that Apple addressed. Instead of making a big list of cookies to block, Apple's ITP continuously learns what websites users visit and which kinds of cookies try to hitch a ride. Over time, this creates unique cookie-blocking algorithms for each web surfer that can be used to identify and track them, according to the paper."
https://techxplore.com/news/2020-01-safari-tracking.html
No comments :
Post a Comment