Security News

Apple chops Safari’s TLS certificate validity down to one year
2020-02-24 11:42

That browser makers were voted down might explain why Apple has decided to enforce the change unilaterally, apparently against the wishes of the Certificate Authorities which issue certificates as a business. The browser makers are adamant that reducing validity is good for security because it reduces the time period in which compromised or bogus certificates can be exploited.

Apple drops a bomb on long-life HTTPS certificates: Safari to snub new security certs valid for more than 13 months
2020-02-20 23:20

Safari will, later this year, no longer accept new HTTPS certificates that expire more than 13 months from their creation date. The aim of the move is to improve website security by making sure devs use certs with the latest cryptographic standards, and to reduce the number of old, neglected certificates that could potentially be stolen and re-used for phishing and drive-by malware attacks.

Apple's Tracking-Prevention Feature in Safari has a Privacy Bug
2020-02-10 12:06

Last month, engineers at Google published a very curious privacy bug in Apple's Safari web browser. Apple's Intelligent Tracking Prevention, a feature designed to reduce user tracking, has vulnerabilities that themselves allow user tracking.

Google finds privacy holes in Safari’s ITP anti-tracking system
2020-01-24 16:36

Unexpectedly, in December, Apple published a blog thanking Google for suggesting some changes to ITP which they'd implemented in Safari as part of December's iOS 13.3, and Safari for macOS 13.0.4 updates. Any site can issue cross-site requests, increasing the number of ITP strikes for an arbitrary domain and forcing it to be added to the user's ITP list.

Safari's Intelligent Tracking Prevention Fails to Prevent Tracking
2020-01-24 06:01

The privacy mechanism implemented by Apple's Safari browser to prevent user tracking across websites is not efficient at protecting users' privacy, Google security researchers have discovered. Called Intelligent Tracking Prevention, the system is meant to prevent websites commonly loaded in a third-party context from receiving identifiable information about the user.

Safari's 'Intelligent Tracking Protection' is misspelled, says Google: It should be 'dumb browser stalking enabler'
2020-01-22 21:53

Google security researchers have published details about the flaws they identified last year in Intelligent Tracking Protection, a privacy scheme developed by Apple's WebKit team for the company's Safari browser. Schuh expressed skepticism that Apple will be able to salvage ITP. "They attempt to mitigate tracking by adding state mechanisms, but adding state often introduces worse privacy/security issues," he wrote.

Tianfu Cup Round-Up: Safari, Chrome, D-Link Routers and Office 365 Successfully Hacked
2019-11-18 12:18

White-hat hackers using never-before-seen zero days against popular applications and devices competed at a two-day gathering in Chengdu.

Apple details new Safari, Location Services, Sign in with Apple privacy features
2019-11-07 11:28

Apple has updated its privacy pages on Wednesday and shared three new white papers and tech briefs on how Safari, Location Services, and Sign in with Apple protect user privacy. The changes Apple...

Apple: Safari Does Not Send User Browsing History to China's Tencent
2019-10-16 07:20

Safari does use Tencent to ensure that users in China do not navigate to malicious websites, but it never sends the actual URL of a visited site to the Chinese company, Apple says.

Apple insists it's totally not doing that thing it wasn't accused of: We're not handing over Safari URLs to Tencent – just people's IP addresses
2019-10-14 20:05

Cupertino in China Syndrome meltdown. Responding to concern that its Safari browser's defense against malicious websites may reveal the IP addresses of some users' devices to China-based Tencent,...