iCloud Private Relay Security Flaw Leaks User IP Address Instead of Preventing Third-Party Tracking: Research

iCloud Private Relay's flaw has been leaking the IP addresses of its users, rather than its promise to prevent third-party from tracking private info, according to recent research.

Apple iCloud
SAN FRANCISCO, CA - JUNE 06: Attendees walk by a sign for the new iCloud during the 2011 Apple World Wide Developers Conference at the Moscone Center on June 6, 2011 in San Francisco, California. Apple CEO Steve Jobs returned from sick leave to introduce Apple's new iCloud storage system and the next versions of Apple's iOS and Mac OSX. by Justin Sullivan/Getty Images

iCloud Private Relay

As per UberGizmo, Apple boasted during the WWDC last June 22 that the iCloud Private Relay provides users of the Cupertino giant with more privacy by preventing unnecessary third-party tracking.

The new feature of the iPhone maker is a new service that comes with the iOS 15, which brings two internet relays for an encrypted service and Safari.

The two internet relays are supposed to ensure that Safari will not expose the private information of iPhone, Mac, and iPad users to outsiders or third parties.

Simply put, Apple introduced the iCloud Private Relay to its users to provide them with extra privacy protection.

To further put it into perspective, the private relay service of the Cupertino giant should work as an "Incognito" or "Private Browsing" option for the entirety of the iPhone.

iCloud Private Relay Security Flaw Leaks IP Address

However, instead of granting Apple users an added assurance of a safeguarded private data, the iCloud Private Relay's flaw is exposing their IP addresses.

According to Apple Insider, developer and researcher Sergey Mostsevenko revealed the existing flaw of iCloud Private Relay, noting that the service could leak the actual IP addresses of its users.

The researcher further disclosed that the mishandling of a component with the Private Relay called WebRTC exposes what is supposed to be private data.

Apple Insider further noted in the same report that ideally third-party websites are only entitled to get a glimpse of the proxy IP address.

However, the vulnerability due to the WebRTC communication has a flaw that allows outsiders to peek at the actual user IP.

Mostsevenko further expounded on the technical details of the security flaw on the website of FingerprintJS by providing a proof of concept.

iCloud Private Relay Security Flaw: How to Fix?

Meanwhile, The Hacker News said in its report that FingerprintJS already notified the Cupertino giant about the security flaw within its iCloud Private Relay.

That said, the bright news is the tech giant behind the service already fixed the security issue in the latest update of the macOS Monterey beta, which was released as the seventh update of the new OS.

On the other hand, iOS 15 users are still susceptible to IP address leaks as the flaw has yet to be patched on the mobile Apple software.

So, in the meantime, iCloud Private Relay users on iOS 15 will have to wait a little longer than their macOS Monterey counterparts for the security law to be fixed.

This article is owned by Tech Times

Written by Teejay Boris

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics