iCloud Private Relay's flaw has been leaking the IP addresses of its users, rather than its promise to prevent third-party from tracking private info, according to recent research.
iCloud Private Relay
As per UberGizmo, Apple boasted during the WWDC last June 22 that the iCloud Private Relay provides users of the Cupertino giant with more privacy by preventing unnecessary third-party tracking.
The new feature of the iPhone maker is a new service that comes with the iOS 15, which brings two internet relays for an encrypted service and Safari.
The two internet relays are supposed to ensure that Safari will not expose the private information of iPhone, Mac, and iPad users to outsiders or third parties.
Simply put, Apple introduced the iCloud Private Relay to its users to provide them with extra privacy protection.
To further put it into perspective, the private relay service of the Cupertino giant should work as an "Incognito" or "Private Browsing" option for the entirety of the iPhone.
iCloud Private Relay Security Flaw Leaks IP Address
However, instead of granting Apple users an added assurance of a safeguarded private data, the iCloud Private Relay's flaw is exposing their IP addresses.
According to Apple Insider, developer and researcher Sergey Mostsevenko revealed the existing flaw of iCloud Private Relay, noting that the service could leak the actual IP addresses of its users.
The researcher further disclosed that the mishandling of a component with the Private Relay called WebRTC exposes what is supposed to be private data.
Apple Insider further noted in the same report that ideally third-party websites are only entitled to get a glimpse of the proxy IP address.
However, the vulnerability due to the WebRTC communication has a flaw that allows outsiders to peek at the actual user IP.
Mostsevenko further expounded on the technical details of the security flaw on the website of FingerprintJS by providing a proof of concept.
iCloud Private Relay Security Flaw: How to Fix?
Meanwhile, The Hacker News said in its report that FingerprintJS already notified the Cupertino giant about the security flaw within its iCloud Private Relay.
That said, the bright news is the tech giant behind the service already fixed the security issue in the latest update of the macOS Monterey beta, which was released as the seventh update of the new OS.
On the other hand, iOS 15 users are still susceptible to IP address leaks as the flaw has yet to be patched on the mobile Apple software.
So, in the meantime, iCloud Private Relay users on iOS 15 will have to wait a little longer than their macOS Monterey counterparts for the security law to be fixed.
This article is owned by Tech Times
Written by Teejay Boris