SecureMac, Inc.

Safari Syncing Bug Left User Browsing Histories Accessible Through iCloud

February 14, 2017

Regularly clearing the history of sites one has visited in a browser is a common habit for many users. It reduces digital clutter while also providing you with a degree of control over your privacy on the web. When you’ve cleared your history, no one can access your device and instantly see where you’ve been online. That’s the idea, at least; unfortunately, an issue within iCloud meant that user histories lingered in the cloud, sometimes including data over a year old. Though wiped from the devices, a well-informed individual …

Safari Syncing Bug Left User Browsing Histories Accessible Through iCloud

Regularly clearing the history of sites one has visited in a browser is a common habit for many users. It reduces digital clutter while also providing you with a degree of control over your privacy on the web. When you’ve cleared your history, no one can access your device and instantly see where you’ve been online. That’s the idea, at least; unfortunately, an issue within iCloud meant that user histories lingered in the cloud, sometimes including data over a year old. Though wiped from the devices, a well-informed individual could have potentially pulled these records back out of iCloud. The data included the website’s URL, the date of the web visit, as well as the page title.

How could such a potentially glaring flaw exist? It seems that to enable devices to share browsing history, Apple stored these records in a particular file tied to one’s iCloud account. When a user sent a request to erase their browsing data, the information vanished from a user’s devices but remained in this hidden iCloud file. Rather than delete the old records, the system simply retained them.

After rapidly issuing a patch to prevent unauthorized users from viewing these files, Apple claimed in a statement that this was a now-fixed bug. They pledged to ensure that devices only retained access to the browsing data for two weeks. Apple also said that it would no longer maintain such records for longer than 60 days. While users can now clear their histories with more confidence, it’s important to remember that this is not the first time such an issue has arisen with web browsers.

Though an application may tell you it has deleted all your browsing data, that’s not always the case. Both Apple’s Safari and Mozilla Firefox experienced issues relating to the proper handling of user browsing data. Services to synchronize tabs, settings, and histories between platforms and devices complicate handling of this sensitive user data. Unfortunately, many apps are not very transparent about the way they handle and dispose of a user’s information.

With the iCloud issue fixed, we don’t need to worry about a third party snooping through our histories any time soon. However, users should continue their vigilance towards safeguarding this data. Always take steps to ensure that your information has been completely cleared whenever possible. Disabling iCloud browser syncing is one way to avoid the problem altogether.

Get the latest security news and deals