Safari Flaw Exposes EU Users to Tracking

April 30, 2024

A significant security vulnerability has been found in Apple’s Safari browser, affecting iPhone users in the European Union. The flaw stems from a new feature in iOS 17.4 that lets users install apps directly from Safari through alternative marketplaces, a move meant to comply with EU regulations intended to curb Apple’s market dominance. Security researchers Talal Haj Bakry and Tommy Mysk found that Apple’s implementation of a new URI scheme called marketplace-kit could be exploited to track users across different websites. This scheme, used during the app installation process, sends a unique and consistent client_id to the marketplace’s backend, which can be used to track users’ online activities across multiple sites.

The exploitation process begins when a user opts to install an app from a marketplace website using Safari. This action invokes the marketplace-kit URI scheme, initiating the MarketplaceKit process that manages backend communications. During this process, the unique client_id, which remains consistent across different sessions and websites, is transmitted. This consistency of the identifier allows for potential tracking of the user’s online behaviors across various platforms that employ this scheme.

One of the core privacy concerns with this vulnerability is that any website can initiate the MarketplaceKit process by simply invoking the marketplace-kit URI scheme. This design flaw means that multiple websites could potentially collaborate to monitor and share a user’s online behavior by leveraging the client_id identifier. This issue is compounded by Safari’s failure to verify the website’s origin when calling the URI scheme, a security measure that browsers like Brave implement by checking the website’s origin against the URL in the request.
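The origin check described above can be sketched as follows. This is an added example, not code from Apple, Brave or the researchers; the query parameter name "target" that carries the marketplace URL is an assumption, as are the example domains.

```javascript
// Added example: the origin check a browser can apply before handing a
// marketplace-kit URL to the OS. Not Apple's or Brave's code.
// ASSUMPTION: the marketplace endpoint travels in a query parameter named
// "target"; the article does not give the real parameter name.
const SCHEME = "marketplace-kit:";
const TARGET_PARAM = "target"; // hypothetical

function parseOrNull(value) {
  try {
    return new URL(value);
  } catch {
    return null;
  }
}

// pageUrl: URL of the page that triggered the navigation.
// requestUrl: the marketplace-kit URL the page asked the browser to open.
function checkMarketplaceKitRequest(pageUrl, requestUrl) {
  const page = parseOrNull(pageUrl);
  const request = parseOrNull(requestUrl);
  if (!page || !request) return { allow: false, reason: "unparseable URL" };
  if (request.protocol !== SCHEME) {
    return { allow: false, reason: "not a marketplace-kit URL" };
  }
  const raw = request.searchParams.get(TARGET_PARAM);
  const target = raw ? parseOrNull(raw) : null;
  if (!target) return { allow: false, reason: "missing or invalid target" };
  if (target.protocol !== "https:") {
    return { allow: false, reason: "target is not HTTPS" };
  }
  // Core rule: only the marketplace's own site may start its install flow.
  if (target.origin !== page.origin) {
    return { allow: false, reason: "page origin differs from target origin" };
  }
  return { allow: true, reason: "same origin" };
}

// Constructed sample inputs (example domains, not real marketplaces).
const REQUEST = "marketplace-kit://install?target=" +
  encodeURIComponent("https://market.example/install/app");
const samples = [
  ["https://market.example/apps", REQUEST],   // marketplace's own page
  ["https://news.example/article", REQUEST],  // unrelated site
];
for (const [page, req] of samples) {
  console.log(page, "->", checkMarketplaceKitRequest(page, req));
}
```

With this rule in place, a page on an unrelated site cannot start the install flow of a marketplace it does not belong to, so the consistent client_id is never sent on that site's behalf.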

Apple has allowed only a few browsers, including Safari, to use the marketplace-kit URI scheme with a special entitlement. The security researchers have criticized this implementation, highlighting its “catastrophic security and privacy flaws” and pressing Apple to address these issues promptly. In response to the potential for misuse, users are advised to be cautious when installing apps from third-party marketplaces and to consider using browsers that do not support the marketplace-kit URI scheme if concerned about privacy. As Apple works to rectify this flaw, it is crucial for users to stay updated on developments and apply any security updates issued to protect against potential exploitation of this vulnerability.

Reference:
  • New Safari Flaw Could Track iPhone Users Across Europe

Tags: Apple, April 2024, Cyber Alert, Cyber Alerts 2024, Cyber Risk, Cyber threat, iOS, Safari browser