However, there is no need to head for the hills. Not yet.
Vladimir Katalov, CEO of the Russian security software company ElcomSoft, discovered this hole: while browsing on his iPhone, he came across his entire Safari browsing history, coming from all devices associated with his iCloud account and going back more than a year, including items he had previously erased himself. There was no encryption protecting this history, and the executive easily used his own company's software, Phone Breaker, to extract the data and obtain a complete list with the names of the sites and their respective addresses.
All of this could be a simple marketing trick for ElcomSoft, but Katalov contacted Thomas Fox-Brewster, from Forbes, to verify the flaw, and sure enough, it checked out. The journalist deleted all of his Safari history and then, with the help of Phone Breaker, managed to recover more than 7,000 (!) previously deleted items, dated from November 2015 onwards, in addition to Google searches. In the list provided by the software, deleted items are marked as "deleted".
To confirm the flaw, Fox-Brewster contacted an iOS forensics expert who, in turn, detected more than 125,000 previously deleted Safari history records, in addition to Google searches and even deleted notes from the native app. In the latter case, however, the time period was much shorter: only notes erased up to 30 days earlier appeared in the results.
Apparently, this is just a simple slip on Apple's part: while the company seems to be very diligent in erasing the history of deleted notes, it seems to have forgotten to do the same with users' browsing history from the last months (or years). In addition, the danger of a possible invasion of user privacy is mitigated by the fact that, in order to access the deleted history, the attacker still needs to be in possession of the user's iCloud credentials.
Finally, even though Apple has not officially commented on the case, it seems that the company's engineers took note of it: after the discovery was published, the (non-)erased history effectively began to disappear. Katalov, Fox-Brewster and the anonymous expert all reported that the data began to fade away hours after the initial publication of the report, so it is not difficult to imagine a task force in Cupertino frantically erasing terabytes of data that should have ceased to exist long ago.
Still, the moral of the story is one so often repeated and so little assimilated: if you have something to hide, the internet is really not the best place to do it. Ephemerality in the digital age exists only in interpersonal relationships; your steps, on the other hand, will always be recorded for someone else to pry into, no matter how much you try to cover them up.
(via Cult of Mac)