Archive for the ‘Safari’ Category

Apple Safari 5.0.1 has been released, alongside Safari 4.1.1 fixing last weeks auto-fill vulnerability.

Safaro 5.0.1 also enables extensions for the browser, with Apple also releasing a gallery with some of the early Safari 5 extensions.

Apple has also released a security bulletin explaining the vulnerabilities that have been fixed.

Safari 5.0.1 can be downloaded from the Apple website, while extensions can be downloaded from the new Safari Extensions Gallery.

Tags: , , , , , , Categories: Safari Comments Off on Safari 5.0.1 released

A new security vulnerability has been found in Apple Safari’s Autofill feature, which can allow malicious websites to extract users personal information from their Address Book.

“All a malicious website would have to do to surreptitiously extract Address Book card data from Safari is dynamically create form text fields with the aforementioned names, probably invisibly, and then simulate A-Z keystroke events using JavaScript. When data is populated, that is AutoFill’ed, it can be accessed and sent to the attacker” wrote security researcher, Jeremiah Grossman.

Grossman submitted the vulnerability to Apple on 17th June, but Apple is yet to comment on the issue. Grossman has also released proof-of-concept code illustrating how the vulnerability works.

The vulnerability affects both Safari 4 and Safari 5 on Mac computers, with no patch in sight from Apple.

Apple’s Safari Extensions Gallery may be nearing launch, with Apple today sending out an email to registered developers reminding them to submit their Safari 5 extensions for inclusion in the gallery.

We’ll soon be launching the Safari Extensions Gallery, a new destination that provides you with an opportunity to increase the visibility of your Safari extension beyond your website.

The Safari Extensions Gallery will feature selected extensions that offer an innovative user experience. And a one-click installation process will allow users to seamlessly install extensions from a developer’s website without ever having to leave the Gallery.

Have your extension considered for the Safari Extensions Gallery. Submit your extension download URL and supporting metadata today.

While some extensions for the browser are currently available, Safari 5 users must manually enable extensions for them to work in the browser. A comprehensive list of early Safari 5 extensions can be found in the Safari Extensions blog.

Interested developers can submit their Safari 5 extensions at the Safari Dev Center.

Tags: , , , , Categories: Safari Comments Off on Apple’s Safari Extension Gallery close to launch

Get Microsoft Silverlight

In response to the recent release of Safari 5, Microsoft has released a video demonstrating the performance difference between the hardware acceleration found in Internet Explorer 9 and Safari 5.

“Since the release of the first Internet Explorer 9 Platform Preview at MIX back in March and the second in May, we’ve shown a lot of demos of IE9 with other browsers. Today, Apple announced and released Safari 5. We figured we would show IE9 and Safari 5 together running some of the demos from the Internet Explorer 9 Test Drive website. Watch the Frames Per Second (FPS) Counter” wrote Microsoft’s Brandon LeBlanc.

From the video it’s clear that IE9 is a long way ahead of Safari 5, with the first benchmark showing IE9 scoring an impressive 50 frames per second, while Safari 5 only manages 9.

LeBlanc also revealed that IE9 Developer Preview has been downloaded over 1,000,000 times. Rumors are also appearing suggesting we may see a beta release very soon. We will keep you updated.

Tags: , , , , Categories: Internet Explorer, Safari Comments Off on IE9 vs Safari 5 Hardware Acceleration

With the release of Safari 5 yesterday, we are already starting to see some extensions. To use these extensions however, users must first turn this ‘pre-release’ feature on.

Doing so fortunately is very easy. Navigate to the Preferences window (File->Preferences on a Mac, or Edit->Preferences on a PC), click the Advanced tab, and tick the Show Develop menu in menu bar option. Finally click the Develop menu and click Enable Extensions. You can now install extensions in Safari.

Some early stand outs include Reload Button, AdBlock for Safari, Gmail Checker, and Safari Shortener.

A comprehensive list of Safari extensions can be found in the Safari Extensions blog.

In a release that had been hinted at in late May, Apple has released Safari 5 to the world, for both Mac and Windows users.

Performance of the updated browser has seen Apple’s Nitro JavaScript engine speed increase by 30% over its predecessor. Safari 5 new DNS pre-fetching and improved caching which helps web pages load faster.

HTML5 support has also been improved, with support for over 17 new HTML5 tags and features. HTML video now supports full-screen and closed captions.

Perhaps the most impressive feature of Safari 5 is the new Safari Reader. This nifty feature removes ads and other distractions from online articles. Safari 5 automatically detects when you are reading an article, and can be activated by clicking the new reader button which will appear in the address bar.

Most pleasing to current add-on and extension users is that Safari 5 will now support user generated extensions, which are expected to launch in an online Apple gallery in the coming weeks.

Apple’s Safari 5 can be downloaded from the Safari website for both Mac and Windows.

Rumors are starting to circulate suggesting that extensions might be on their way for Apple’s Safari browser, bringing it into line with other browsers such as Firefox and Chrome.

Technology enthusiast and blogger John Gruber has alluded that such an announcement might be made at this years Worldwide Developer Conference (WWDC).

“The other big thing that’s missing (compared to both Chrome and Firefox) is a proper extension API. If only Apple had an imminent developer conference where they could unveil such a thing” wrote Gruber.

While not exactly confirmation, the possibility of an announcement at this years WWDC is entirely plausible, and would be a very welcomed addition to the Safari browser.

We will keep you updated if this story continues to develop over the coming weeks.

Details have emerged of a new high risk vulnerability discovered in Apple’s Safari web browser.

The exploit could allow a malicious user to execute arbitrary code on a remote system and is rated highly critical by Secunia.

“The vulnerability is caused due to an error in the handling of parent windows and can result in a function call using an invalid pointer. This can be exploited to execute arbitrary code when a user e.g. visits a specially crafted web page and closes opened pop-up windows” says the Secunia security advisory.

The vulnerability affects both Mac OS X and Windows versions of the browser. Apple is yet to release an update to close the flaw.

Tags: , , , , , , Categories: Safari Comments Off on High risk Safari vulnerability published

Google has done the “impossible” to show the power of HTML5, and ported Quake II to run in the web browser in what seems another dig at Adobe’s Flash.

The move seems a little contradictory, with Google announcing just last week that they were bundling Adobe’s Flash with Chrome. Either way, a lot of work appears to have gone into porting the game.

“We started with the existing Jake2 Java port of the Quake II engine, then used the Google Web Toolkit (along with WebGL, WebSockets, and a lot of refactoring) to cross-compile it into Javascript. You can see the results in the video above — we were honestly a bit surprised when we saw it pushing over 30 frames per second on our laptops (your mileage may vary)” said Google’s Chris Ramsdale.

Right now, the game will only run in Google Chrome and Safari, and the port can be downloaded by visiting the Google code page.

After day 1 of Pwn2Own, web browsers appear to have taken a big hit, but Google’s Chrome appears to have come out unscathed.

It didn’t take long, with Safari 4 on Mac OS X Snow Leopard the first victim thanks to the work of Charlie Miller. Millers set up a remote exploit at a web site through which a conference organisers MacBook was taken control after surfing to it.

Internet Explorer 8 on Windows 7 was next, with a similar exploit allowing Peter Vreugdenhil to take control of an organisers laptop once they browsed to a website with the infected code.

Firefox 3 was also exploited on Windows 7 using a memory corruption vulnerability, with another exploit that allows a remote attacker access to a users PC.

Both Opera and Google Chrome were not hacked, with Charlie Miller stating “there are bugs in Chrome but they’re very hard to exploit. I have a Chrome vulnerability right now but I don’t know how to exploit it. It’s really hard. They’ve got that sandbox model that’s hard to get out of. With Chrome, it’s a combination of things — you can’t execute on the heap, the OS protections in Windows and the Sandbox.”

All systems were patched and updated to their latest versions, with the exploits used to remain a secret until browser makers can update their browsers.

Tags: , , , , , Categories: Chrome, Firefox, Internet Explorer, Safari Comments Off on Safari, Firefox, and IE hacked at Pwn2Own