One of the changes Apple announced at WWDC earlier this year for its services is iCloud Private Relay. The feature is meant to prevent third parties from tracking IP addresses, user locations, and more – in short, it is supposed to give users better privacy.
However, a bug appears to undermine that protection. Researcher and developer Sergey Mostsevenko discovered that the bug leaks the user’s IP address. A proof of concept showing the bug in action can be found on the FingerprintJS website.
Mostsevenko explains: “Since Safari does not forward STUN requests via iCloud Private Relay, STUN servers know your real IP address. This is not a problem in itself as they have no other information; however, Safari passes ICE candidates that contain real IP addresses to the JavaScript environment. In order to deanonymize you, you have to analyze your real IP address from the ICE candidates – something that is easy to do with a web application.”
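The check below is an added example, not code from the article or from FingerprintJS: it parses ICE candidate strings and lists every public address that differs from the address a site sees over HTTP, which lets a tester confirm whether a browser build still exposes the address Private Relay is meant to hide. The function names, the `egressIp` parameter and the sample candidates are assumptions constructed for illustration.

```javascript
// Added example. Candidate lines follow the RFC 8839 candidate-attribute layout:
// candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> [raddr <a> rport <p>]
function parseCandidate(line) {
  const p = line.trim().replace(/^a=/, "").split(/\s+/);
  if (!p[0].startsWith("candidate:") || p.length < 8 || p[6] !== "typ") return null;
  const c = { address: p[4], type: p[7], raddr: null };
  for (let i = 8; i + 1 < p.length; i += 2) if (p[i] === "raddr") c.raddr = p[i + 1];
  return c;
}

// Coarse address classes; only "public" addresses are treated as identifying.
function addressClass(addr) {
  const a = addr.toLowerCase();
  if (a.endsWith(".local")) return "mdns"; // obfuscated host candidate
  if (a.includes(":")) {
    if (a === "::") return "unspecified";
    if (a === "::1") return "loopback";
    if (/^fe[89ab][0-9a-f]:/.test(a)) return "link-local"; // fe80::/10
    if (/^f[cd][0-9a-f]{2}:/.test(a)) return "private"; // fc00::/7
    return "public";
  }
  const o = a.split(".").map(Number);
  if (o.length !== 4 || o.some((n) => !Number.isInteger(n) || n < 0 || n > 255)) return "unknown";
  if (o[0] === 0) return "unspecified"; // e.g. a masked raddr of 0.0.0.0
  if (o[0] === 127) return "loopback";
  if (o[0] === 169 && o[1] === 254) return "link-local";
  if (o[0] === 10 || (o[0] === 172 && o[1] >= 16 && o[1] <= 31) || (o[0] === 192 && o[1] === 168)) return "private";
  return "public";
}

// Report every public address visible in the candidates that differs from
// egressIp (hypothetical parameter: the address the site sees over HTTP).
function auditCandidates(lines, egressIp) {
  const findings = [];
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) continue;
    // A relay candidate's own address belongs to the TURN server, so only its raddr counts.
    const fields = c.type === "relay" ? [["raddr", c.raddr]] : [["address", c.address], ["raddr", c.raddr]];
    for (const [field, value] of fields) {
      if (value && value !== egressIp && addressClass(value) === "public") findings.push({ type: c.type, field, value });
    }
  }
  return findings;
}

// Constructed sample using documentation-range addresses, not captured traffic.
const SAMPLE = [
  "candidate:1 1 udp 2113937151 7f3a1c2e-0000-4000-8000-123456789abc.local 54321 typ host",
  "candidate:2 1 udp 1677729535 203.0.113.45 61000 typ srflx raddr 0.0.0.0 rport 0",
  "candidate:3 1 udp 33562367 198.51.100.7 3478 typ relay raddr 203.0.113.45 rport 61000",
];
```

In a browser test page the candidate strings come from the `icecandidate` events of an `RTCPeerConnection`; an empty result from `auditCandidates` means no candidate exposed a public address other than the one already visible over HTTP.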
The good news is that the bug appears to have been patched in the latest beta of macOS Monterey. It remains unpatched in iOS 15, but we imagine Apple should follow suit there at some point.
Source: AppleInsider