Monday, April 15, 2024

Newly discovered flaw in iCloud Private Relay service leaked user’s IP address - cnBeta.COM


A flaw has been discovered in Apple’s recently launched iCloud Private Relay service that exposes the user’s IP address when certain conditions are met, undermining the basic value of the feature. As researcher and developer Sergey Mostsevenko detailed in a blog post this week, a flaw in how Private Relay handles WebRTC can “leak” the user’s real IP address; a proof of concept is available on the FingerprintJS website.



Private Relay, announced at the Worldwide Developers Conference in June, promises to prevent third parties from tracking IP addresses, user locations, and other details by routing Internet requests through two separate relays operated by two different entities. Apple said that Internet connections made through Private Relay are configured to use anonymous IP addresses that are assigned to the user’s region but do not reveal the user’s exact identity or location.


In theory, a website should only see the IP address of the egress proxy, but the user’s actual IP address is retained in some WebRTC communication scenarios and can be discovered with some clever code.

As Mostsevenko explained, the WebRTC API is used to facilitate direct communication on the network without the need for an intermediate server. Implemented in most browsers, WebRTC relies on the Interactive Connectivity Establishment (ICE) framework to connect two users. One browser collects ICE candidates, which are the possible connection methods, to find and establish a link with the second browser.

The vulnerability lies in the server reflexive candidate, a candidate generated by a Session Traversal Utilities for NAT (STUN) server and used to connect to devices behind a NAT. Network Address Translation (NAT) is a protocol that allows multiple devices to access the Internet through a single IP address. Importantly, the STUN server reports back the user’s public IP address and port number.


“Since Safari does not send STUN requests through iCloud Private Relay, the STUN server knows your real IP address. This is not a problem in itself, because they have no other information; however, Safari passes ICE candidates that contain real IP addresses to the JavaScript environment,” Mostsevenko said. “Then, once the de-anonymization is complete, it becomes a problem of parsing your actual IP address from the ICE candidates – this can easily be done via a web app.”

According to the researcher, the user’s IP address can be collected by establishing a connection object with the STUN server, collecting ICE candidates and analyzing their values.

FingerprintJS reported the vulnerability to Apple, and the company pushed a fix in the latest beta version of macOS Monterey released this week. However, the vulnerability has yet to be patched in iOS 15.
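To check whether a given browser build still exposes the real address, a tester can save the ICE candidate strings the browser hands to page script and compare them with the relay egress address. The following is an added example, not code from the FingerprintJS post; the candidate lines, addresses and function names are constructed for illustration, and the IPv6 range check is simplified.

```javascript
// Added example. All candidate lines and addresses below are constructed.

// Parse the core fields of one ICE candidate attribute (RFC 8839 syntax).
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)/i
    .exec(line.trim());
  if (!m) return null;
  return { transport: m[3].toLowerCase(), address: m[5], port: Number(m[6]), type: m[7] };
}

// True only for a literal IP address outside private, loopback, link-local
// and CGNAT ranges. mDNS ".local" names are not literal IPs, so they fail.
function isPublicIp(addr) {
  const v4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(addr);
  if (v4) {
    const [a, b, c, d] = v4.slice(1).map(Number);
    if ([a, b, c, d].some(n => n > 255)) return false;
    return !(a === 0 || a === 10 || a === 127 || (a === 169 && b === 254) ||
             (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168) ||
             (a === 100 && b >= 64 && b <= 127));
  }
  if (/^[0-9a-f:]+$/i.test(addr) && addr.includes(':')) {
    return !/^(::1?$|f[cd]|fe[89ab])/i.test(addr); // loopback, ULA, link-local
  }
  return false;
}

// Candidates that hand page script a public address other than the relay egress IP.
function findLeaks(candidateLines, egressIp) {
  return candidateLines
    .map(parseCandidate)
    .filter(c => c && isPublicIp(c.address) && c.address !== egressIp)
    .map(c => ({ type: c.type, address: c.address }));
}

// Constructed capture: documentation-range addresses stand in for real ones.
const SAMPLE_CANDIDATES = [
  'candidate:1 1 udp 2113937151 6c1f0a2e-3b57-4a0e-9a44-1d2f3c4b5a69.local 54400 typ host',
  'candidate:2 1 udp 2113937151 192.168.1.23 54401 typ host',
  'candidate:3 1 udp 1677729535 203.0.113.7 46154 typ srflx raddr 0.0.0.0 rport 0',
  'candidate:4 1 udp 1677729535 198.51.100.20 50000 typ srflx raddr 0.0.0.0 rport 0',
];
const RELAY_EGRESS_IP = '198.51.100.20'; // address the site sees over HTTP

console.log(findLeaks(SAMPLE_CANDIDATES, RELAY_EGRESS_IP));
```

An empty result means every candidate was either an mDNS name, a private address or the egress address itself; any other entry is an address the relay was supposed to hide.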


Ebenezer Robbins