Security News

Last month, engineers at Google published a very curious privacy bug in Apple's Safari web browser. Apple's Intelligent Tracking Prevention, a feature designed to reduce user tracking, has vulnerabilities that themselves allow user tracking.

Australian courier company Toll has shut down several of its key systems after a "Security incident" last week, prompting a backlash from frustrated customers. A Reg reader who spoke to service reps over the phone told us Toll employees have been unable to provide information about their packages, or even to access their internal tracking database.

Semtech, a leading supplier of high performance analog and mixed-signal semiconductors and advanced algorithms, announced the release of its Asset Tracking Reference Kit to accelerate the adoption of asset tracking solutions based on LoRa devices and the LoRaWAN protocol, and facilitate the confirmation of the business value of such solutions. "For companies that need indoor presence detection and outdoor geolocation, the Semtech Asset Tracking Reference Kit illustrates how easily LoRaWAN private network coverage can be achieved in combination with geolocation," said Pierre Gelpí, Director of Vertical Marketing for Logistics Asset Tracking in Semtech's Wireless and Sensing Products Group.

Apple's latest security fixes, released Tuesday, tackle a wide range of bugs, including several patches for high-risk flaws that could allow for remote code execution. The fixes address vulnerabilities in Apple's Xcode, watchOS, Safari, iTunes for Windows, iOS, iPadOS, macOS and tvOS. The most severe of the bugs include four RCE flaws in Apple TV's operating system, tvOS - each rated high-severity.

To comply with California's new data privacy law, companies that collect information on consumers and users are forced to be more transparent about it. The form proceeds to state that, as part of signing up for a rewards card, Ralphs "May collect" information such as "Your level of education, type of employment, information about your health and information about insurance coverage you might carry."

Unexpectedly, in December, Apple published a blog thanking Google for suggesting some changes to ITP which they'd implemented in Safari as part of December's iOS 13.3, and Safari for macOS 13.0.4 updates. Any site can issue cross-site requests, increasing the number of ITP strikes for an arbitrary domain and forcing it to be added to the user's ITP list.

The privacy mechanism implemented by Apple's Safari browser to prevent user tracking across websites is not efficient at protecting users' privacy, Google security researchers have discovered. Called Intelligent Tracking Prevention, the system is meant to prevent websites commonly loaded in a third-party context from receiving identifiable information about the user.

Technology Apple designed for its Safari web browser to protect users from being tracked when they surf the web may actually do just the opposite, according to new research from Google. Google researchers have identified a number of security flaws in Safari's Intelligent Tracking Protection that allow people's browsing behavior to be tracked by third parties, according to a report published in the Financial Times Wednesday.

Google security researchers have published details about the flaws they identified last year in Intelligent Tracking Protection, a privacy scheme developed by Apple's WebKit team for the company's Safari browser. Schuh expressed skepticism that Apple will be able to salvage ITP. "They attempt to mitigate tracking by adding state mechanisms, but adding state often introduces worse privacy/security issues," he wrote.

The online giant said its "Sandbox" program would still allow advertisers the ability to deliver targeted messages, while also sparing people from being tracked by snippets of code called "Cookies" when they use its Chrome web browser. "We are confident that with continued iteration and feedback, privacy-preserving and open-standard mechanisms like the Privacy Sandbox can sustain a healthy, ad-supported web in a way that will render third-party cookies obsolete," Chrome director of engineering Justin Schuh said in a post.