Google and Facebook caught exploiting Safari security flaw
Google have been caught using an exploit to bypass security features in Apple’s Safari browser for iPhones and Macs. Naughty Google!
According to The Wall Street Journal, Google (alongside other advertising companies and Facebook) had been using “special computer code that tricks Apple’s Safari web-browsing software into letting them monitor many users”.
The exploit, based on one developed by Anant Garg back in 2010, sends a blank form to trick Safari into accepting cookies from unauthorised sources. Safari is otherwise configured to block monitoring cookies, which the likes of Google and Facebook use to more closely tailor adverts to users.
Since being contacted by the WSJ, Google have ceased using the method, and gave this response:
“The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.”
So, are Google, Facebook et al innocently trying to provide a more seamless web-browsing experience that doesn’t require password input every five minutes, or is something more sinister (as sinister as targeted advertising gets anyway) afoot? Share your thoughts in the comments section below!