Posts Tagged ‘Apple Safari’

A new security vulnerability has been found in Apple Safari’s Autofill feature, which can allow malicious websites to extract users personal information from their Address Book.

“All a malicious website would have to do to surreptitiously extract Address Book card data from Safari is dynamically create form text fields with the aforementioned names, probably invisibly, and then simulate A-Z keystroke events using JavaScript. When data is populated, that is AutoFill’ed, it can be accessed and sent to the attacker” wrote security researcher, Jeremiah Grossman.

Grossman submitted the vulnerability to Apple on 17th June, but Apple is yet to comment on the issue. Grossman has also released proof-of-concept code illustrating how the vulnerability works.

The vulnerability affects both Safari 4 and Safari 5 on Mac computers, with no patch in sight from Apple.

Apple’s Safari Extensions Gallery may be nearing launch, with Apple today sending out an email to registered developers reminding them to submit their Safari 5 extensions for inclusion in the gallery.

We’ll soon be launching the Safari Extensions Gallery, a new destination that provides you with an opportunity to increase the visibility of your Safari extension beyond your website.

The Safari Extensions Gallery will feature selected extensions that offer an innovative user experience. And a one-click installation process will allow users to seamlessly install extensions from a developer’s website without ever having to leave the Gallery.

Have your extension considered for the Safari Extensions Gallery. Submit your extension download URL and supporting metadata today.

While some extensions for the browser are currently available, Safari 5 users must manually enable extensions for them to work in the browser. A comprehensive list of early Safari 5 extensions can be found in the Safari Extensions blog.

Interested developers can submit their Safari 5 extensions at the Safari Dev Center.

Tags: , , , , Categories: Safari Comments Off

In a release that had been hinted at in late May, Apple has released Safari 5 to the world, for both Mac and Windows users.

Performance of the updated browser has seen Apple’s Nitro JavaScript engine speed increase by 30% over its predecessor. Safari 5 new DNS pre-fetching and improved caching which helps web pages load faster.

HTML5 support has also been improved, with support for over 17 new HTML5 tags and features. HTML video now supports full-screen and closed captions.

Perhaps the most impressive feature of Safari 5 is the new Safari Reader. This nifty feature removes ads and other distractions from online articles. Safari 5 automatically detects when you are reading an article, and can be activated by clicking the new reader button which will appear in the address bar.

Most pleasing to current add-on and extension users is that Safari 5 will now support user generated extensions, which are expected to launch in an online Apple gallery in the coming weeks.

Apple’s Safari 5 can be downloaded from the Safari website for both Mac and Windows.

Rumors are starting to circulate suggesting that extensions might be on their way for Apple’s Safari browser, bringing it into line with other browsers such as Firefox and Chrome.

Technology enthusiast and blogger John Gruber has alluded that such an announcement might be made at this years Worldwide Developer Conference (WWDC).

“The other big thing that’s missing (compared to both Chrome and Firefox) is a proper extension API. If only Apple had an imminent developer conference where they could unveil such a thing” wrote Gruber.

While not exactly confirmation, the possibility of an announcement at this years WWDC is entirely plausible, and would be a very welcomed addition to the Safari browser.

We will keep you updated if this story continues to develop over the coming weeks.

Details have emerged of a new high risk vulnerability discovered in Apple’s Safari web browser.

The exploit could allow a malicious user to execute arbitrary code on a remote system and is rated highly critical by Secunia.

“The vulnerability is caused due to an error in the handling of parent windows and can result in a function call using an invalid pointer. This can be exploited to execute arbitrary code when a user e.g. visits a specially crafted web page and closes opened pop-up windows” says the Secunia security advisory.

The vulnerability affects both Mac OS X and Windows versions of the browser. Apple is yet to release an update to close the flaw.

Tags: , , , , , , Categories: Safari Comments Off

Apple has released a new version of Safari, taking the browser to version 4.0.5.

According to Apple, the release fixes several issues:

This update is recommended for all Safari users and includes improvements to performance, stability, and security including:

  • Performance improvements for Top Sites
  • Stability improvements for 3rd-party plug-ins
  • Stability improvements for websites with online forms and Scalable Vector Graphics
  • Fixes an issue that prevented Safari from changing settings on some Linksys routers

Mac and Windows users can download the update from the Safari website, or it will be pushed out via Apple’s Software Update tool.

Tags: , , , , Categories: Safari Comments Off

SafariApple have pushed out an update for Safari users, taking the browser to version 4.04.

The update improves JavaScript and History performance, while also fixing 6 security holes.

This update is recommended for all Safari users and includes improvements to performance, stability, and security including:

  • Improved JavaScript performance
  • Improved Full History Search performance for users with a large number of history items
  • Stability improvements for 3rd-party plug-ins, the search field and Yahoo! Mail

For detailed information on the security content of this update, please visit this site: http://support.apple.com/kb/HT1222.

The update will pushed out to existing Safari 4 users, or can be downloaded from Apple’s Safari website.

Apple has released a new version of Safari, fixing several security and stability issues.

SafariThe update according to Apple includes the following changes:

  • Stability improvements for webpages that use the HTML 5 video tag
  • Stability improvements for 3rd-party plug-ins
  • Stability improvements for Top Sites
  • Fixes an issue that prevented some users from logging into iWork.com
  • Fixes an issue that could cause web content to be displayed in greyscale instead of color

The update is available for both Mac and Windows and can be downloaded from the Safari website.

Apple has released Safari 4.0.2 for both Mac and Windows, which is available through either software update or through the Safari website.

The update addresses two security vulnerabilities and improves the stability of the Nitro JavaScript engine used by Safari and are described below:

  • An issue in WebKit’s handling of the parent and top objects may result in a cross-site scripting attack when visiting a maliciously crafted website. This update addresses the issue through improved handling of parent and top objects.
  • A memory corruption issue exists in WebKit’s handling of numeric character references. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of numeric character references. Credit to Chris Evans for reporting this issue.

The update is recommended for all Safari users.

SafariApple has released an update to Safari for Mac only. The update “addresses incompatibilities between Safari 4.0 and certain features in iPhoto ’09, including Places and Facebook publishing”.

The update is available to Mac users through the software update menu in OS X.

Tags: , , Categories: Safari Comments Off