Security News Safari Flaw Can Expose iPhone Users in the EU to Tracking

Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,669
Content source
https://www.mysk.blog/2024/04/28/safari-tracking/
Apple has introduced a new URI scheme in iOS 17.4 to allow EU users to download and install alternative marketplace apps from websites. Once an authorized browser invokes the special URI scheme marketplace-kit, it hands off the installation request to a MarketplaceKit process that starts communicating with the marketplace back-end servers to finally install the app. As part of the installation flow, the MarketplaceKit process sends a unique client_id identifier to the marketplace back-end. Both Safari and the MarketplaceKit process allow any website to make a call to the marketplace-kit URI scheme of a particular marketplace. As a result, multiple websites can trigger the MarketplaceKit process to send the same unique identifier client_id to the same marketplace back-end. This way a malicious marketplace can track users across different websites.
Click to expand...

Safari Flaw Can Expose iPhone Users in the EU to Tracking

Apple's implementation of installing marketplace apps from Safari is heavily flawed and can allow a malicious marketplace to track users across websites
www.mysk.blog
 
  • Wow
  • +Reputation
  • Like
Reactions: nicolaasjan, [correlate], silversurfer and 4 others

Similar threads

Ink
    • Applause
    • Like
  • Sticky
Serious Discussion Apple announce third-party App Store support with iOS 17.4 and Safari for EU users
Replies
4
Views
579
macOS, iOS & iPadOS
Ink
Ink
Ink
    • Like
    • +Reputation
Hot Take iOS 17.4 removes Web App support for iPhone users in the EU
Replies
0
Views
293
macOS, iOS & iPadOS
Ink
Ink
Gandalf_The_Grey
    • Applause
    • Like
EU Launches “In-Depth” Investigation of Amazon’s iRobot Acquisition
Replies
0
Views
446
News Archive
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top