Security News > 2018 > March > Apple Blocks Sites From Abusing HSTS Security Standard to Track Users

Apple Blocks Sites From Abusing HSTS Security Standard to Track Users
2018-03-20 10:18

If you are unaware, the security standard HTTP Strict Transport Security (HSTS) can be abused as a 'supercookie' to surreptitiously track users of almost every modern web browser online without their knowledge even when they use "private browsing." Apple has now added mitigations to its open-source browser infrastructure WebKit that underpins its Safari web browser to prevent HSTS abuse after


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/bgaA7XPW7f4/hsts-supercookie-tracking.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349