Items tagged with Safari

A security researcher who discovered a over half a dozen zero-day vulnerabilities in the Safari browser has lined his pockets with $75,000, courtesy of Apple's bug bounty program. Left unaddressed, a few of the vulnerabilities could allow an attacker to hijack the webcam on Mac systems, as well as iPhone and iPad devices. Ryan Pickren detailed the vulnerabilities in a pair of blog posts. He found seven in total (CVE-2020-3852, CVE-2020-3864, CVE-2020-3865, CVE-2020-3885, CVE-2020-3887, CVE-2020-9784, & CVE-2020-9787), three of which were directly related to potentially taking over the webcam or camera on macOS and iOS devices. "If a malicious website strung these issues together, it could... Read more...
Up until last month, an anti-tracking featured introduced to Apple's Safari browser in 2017 actually left users potentially more susceptible to being tracked by hackers due to multiple vulnerabilities discovered by Google's engineers. Fortunately, Apple patched the security holes in December, though it's a bit of an unsettling situation. The feature in question is called Intelligent Tracking Prevention. It leverages a machine learning model to classify which top privately-controlled domains are able to track users from one site to another, based on a set of collected statistics. If the site is one the user frequently visits, it is allowed to perform cross-site tracking. But if it's a site the... Read more...
Several white hat hackers in China spent the weekend infiltrating some of the top web browsers and other applications, as part of the Tianfu Cup. Similar to Pwn2Own, hackers attempt to exploit various software in ways that have not been discovered before, with prizes and bragging rights on the line (as well as better security for us all). The rules between Tianfu Cup and Pwn2Own are pretty much the same. During the two-day event, hackers racked up points by exposing zero-day vulnerabilities in Microsoft's Edge, Apple's Safari, and Google's Chrome browsers, as well as other applications. Here's how it broke down on the first day of the competition... Microsoft Edge (old version, not Chromium):... Read more...
As part of the built-in protection in Safari to keep iOS users safe from malicious websites, Apple sends to browsing data to Tencent, a technology firm in China. This is revealed in an updated privacy notice, in which Apple says Tencent "may also log your IP address" in addition to the web address. Apple is not being nefarious here. Quite the opposite, at least in intent—when an iOS user visits a website, the URL and, in some cases, their IP address is sent off to be cross checked against known fraudulent websites. This step serves as an additional layer of protection against being caught up in a phishing scam. Previously in the US, Apple relied on Google and it's Safe Browsing service... Read more...
When it comes to the default search on web browsers -- be it on mobile or on the desktop -- most people don't bother switching to another provider. That's why it's so important for companies like Google or Microsoft to have their search engine as the "default" for as many browsers as possible. Google Chrome is the most popular browser on the planet, so there's no question that it has Google Search set by default. However, what about the Safari browser in iOS? Apple might only hold around 15 percent of the global market with regards to smartphone operating systems, but that still represents hundreds of millions of devices. Google wants its search engine primely positioned as the default in the... Read more...
Have you noticed that YouTube pages appear to load slower in Edge, Firefox, and Safari compared to Google's own Chrome browser? If so, you are not alone. Google redesigned the YouTube experience last year, but the site still uses an older shadow API that is only used in Chrome, which makes other browsers render YouTube much slower. Chris Peterson, a program manager at Mozilla, noticed the performance disparity and posted about the topic on Twitter. According to Peterson, the YouTube page loads five times slower in those other browsers "because YouTube's Polymer redesign relies on the deprecated Shadow DOM v0 API only implemented in Chrome." YouTube page load is 5x slower in Firefox and Edge than... Read more...
When it comes to onboard RAM, Android smartphones often come fully stocked. These days, you expect at least 2GB of RAM on all but the most low-end devices. 3GB is common with most flagships, and some recently released Android smartphones come packing 4GB of RAM. However, Apple has always been stingy when it comes to the amount of RAM included on its smartphones (although it could be argued that iOS memory management is a bit better than what's found on Android). The iPhone 5, which was introduced back in 2012, gave us 1GB of RAM — but the iPhone has been stuck at the same 1GB through the releases of the iPhone 5S (2013) and iPhone 6/iPhone 6 Plus (2014). Apple is now ready to give customers more... Read more...
Chrome on OS X is a battery hog. It’s been known for a while that compared to Apple’s stock Safari browser, Chrome has a tendency to eat up CPU cycles and use excess amounts of memory. Google took a step earlier this month to combat this problem by reining in the much-hated Adobe Flash Player plugin. Using what Google calls “Intelligent Pause,” Chrome can decide for itself whether a particular Flash element is worth displaying to the user. If isn’t, it will be disabled, thus helping to save your laptop’s battery from prematurel discharging. But Adobe isn’t the only party at fault when it comes to Chrome’s power-wasting past. Google has to share part of the blame, with senior Chrome engineer Peter... Read more...
It's always fun to see which security flaws get exploited at Pwn2Own, and this year's event has proven to be no exception. In fact, it could be considered to be one of the most exciting events to date, with JungHoon Lee exploiting three major browsers, and securing a record $110,000 payout for one of the flaws. Starting the day off, JungHoon (aka: lokihardt) breached a time-of-check to time-of-use vulnerability in the 64-bit version of Internet Explorer, breaking out of the sandbox via a privileged JavaScript injection, allowing him to execute medium-integrity code. This flaw netted JungHoon $65,000. His second proof-of-concept was the big one, worth $110,000. It affects both the stable and beta... Read more...
Apple issued an update to its Safari web browser earlier this week that was supposed to patch more than a dozen security vulnerabilities, but has now pulled it offline due to issues affecting some users. Those affected by the buggy update say that it reports installing correctly, but actually removes the browser from their system. Apple's only solution at the moment is to go nuclear and reinstall OS X. "Guys it seems that you have to reinstall OS X - I know it's a bummer but I am chatting live with the folks at Apple and that's what they say so far. You could also wait and see if this becomes systemic and see if Apple has a solution for it that is less drastic," a user wrote on Apple's support... Read more...
Apple didn't reveal a new iPhone, iPad, or iPod during its recent Worldwide Developers Conference (WWDC), nor did the Cupertino company unveil any new systems or hardware of any kind. Instead, it was all about the software, first with a focus on OS X Yosemite and it's pretty new trash can, followed by iOS 8 for mobile devices. With iOS 8, shopping will be a lot snappier -- literally. The folks at 9to5Mac spotted a new feature in the Safari browser for iOS 8 that lets users scan their credit cards using their mobile device's built-in camera. For folks who take advantage of the feature -- and who don't have their credit card numbers memorized -- this would replace manually punching in the digits.... Read more...
The United States Computer Emergency Response Readiness Team (US-CERT) has taken interest in a pair of security updates Apple released for its Safari web browser. These include Safari 6.1.4 and Safari 7.0.4, which are available to download now for OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.3. "Apple has released updates for Safari to address multiple vulnerabilities, some of which could allow a remote attacker to execute arbitrary code or cause a denial of service," US-CERT said in a statement. Apple didn't touch on the DoS claim, though the company did say that visiting a maliciously crafted website could lead to an unexpected application... Read more...
This shouldn't come as a complete shock to anyone who's been around the online block a time or two, but no web browser is 100 percent secure. That much was once again proven at the annual Pwn2Own hacking event held at the CanSecWest security conference. By the second day of the event, every major browser had fallen -- Firefox (Mozilla), Chrome (Google), Internet Explorer (Microsoft), and Safari (Apple). Not all browsers are created equal, however, and out of the bunch, Firefox had the unwanted distinction of being the most exploited. Security researchers participating in the event were able to exploit vulnerabilities in Firefox three separate times on the first day of the event, plus one more... Read more...
The web is a jungle filled with potential danger at every turn, and if you plan to surf through it with Safari, well, that's certainly your prerogative. However, be aware that it's not the safest vehicle for navigating cyberspace, and we're not talking about just the dated version that's available for Windows, either -- a recent version of Safari on Mac OS has a pretty big security flaw. Kaspersky Labs discovered through its Securelist division that Safari essentially leaves you with your pants around your ankles when saving a previous browsing session. The ability to restore a previous browsing session is something Safari is able to do, as can most other modern browsers, however the method by... Read more...
As expected, Apple unloaded a slew of announcements at its WWDC today, including an update of the venerable Mac OS X, a couple of refreshed MacBook Air notebooks with Intel Haswell processors inside, and a totally redesigned Mac Pro. In OS X Mavericks, Apple is eschewing the big cat-themed naming scheme while adding some new features. First, there’s Finder tabs, so when you have multiple Finder windows open, you can just group them together into one windows with multiple tabs; additionally, you can drag items between tabs, which is a nice touch. Another nifty new Finder-related feature is the ability to add tags to a document when you save it, which makes for much easier searching. The... Read more...
Many long-time Mac users likely both fondly remember the Camino web browser and also have forgotten all about it in recent years, as the Safari browser has primarily taken over on Apple’s Mac OS X systems. It’s perhaps fitting, then, that the team behind Camino has looked around at the current browser market and is now gracefully bowing out after about a decade-long run. Camino 2.1 Originally launched as “Chimera”, Camino was a great alternative to Internet Explorer before there was a Firefox, Chrome, or Safari. In fact, according to the blog post announcing the end of Camino, Stuart Morgan noted that some Camino developers have gone on to work on the aforementioned browsers,... Read more...
It has been over six years since Apple introduced the iPhone. Millions of apps have been written for the platform in that time, with collective downloads into the billions. Apple's App Store is a thriving marketplace with a huge amount of software available on virtually any topic you can think of. But not Microsoft Office. There are plenty of third-party applications that handle Word and Excel files, but no apps from Microsoft itself. Office documents can be viewed through the SkyDrive application, but there's no editing capability. There's a version of Office for iOS supposedly in the works, but Microsoft CEO Steve Ballmer threw cold water on the idea when asked about upcoming events for the... Read more...
Apple perfected a vertical market when it developed the iPhone, iOS, and the App Store, effectively walling off the garden, as it were. In fact, the only real loophole for evading the standards and practices of the App Store was the Safari Web browser, which of course flung open the doors to the Internet with a single tap. Amazon has now taken that loophole and exploited it in a major way by making its entire 22 million-song MP3 library available for purchase on iOS devices. The Amazon MP3 Store's mobile website for the aforementioned iOS devices has been optimized using HTML5, thus enabling purchases directly from Amazon with the availability of immediate playback using the Amazon Cloud Player... Read more...
Microsoft earlier this week rolled out a streamlined design for its social sidebar feature for Bing, making it easier to find contacts relevant to your search query based on what they've shared, blogged, or tweeted. That same feature has now been ported over to the Safari browser on iPad tablets, including the iPad mini. "Whether you're planning your night out or trying to decide where to vacation next, the sidebar now shows you upfront what friends and experts have shared -- making it easier for iPad users to get stuff done," the Bing Team explained in a blog post. Getting it up and running is a simple affair. You just need to head over to Bing and authenticate your Facebook profile under Sign... Read more...
The software engineers at Apple have been busy updating programs the past several days, including a bug stomping update to iOS 6 that's available to Developers (beta) and, more recently, tweaks to the Safari browser. Safari 6.0.2, available for OS X Lion v10.7.5, OS X Lion Server v10.7.5, and OS X Mountain Lion v10.8.2, addresses a handful of JavaScript vulnerabilities. "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution," Apple disclosed in a support document regarding the security content of Safari 6.0.2. The update is primarily intended to protect Safari users from drive-by download attacks, not only by addressing JavaScript... Read more...
In an age where data is everything, the constant give-and-take over giving up a certain amount of digital privacy in exchange for free services (Facebook, Google products, etc.) can often veer into murky waters. This week, Stanford researcher Jonathan Mayer spotted Google neck deep in it, and the Wall Street Journal broke the story wide open. Lots of companies all over use cookies to track our Web habits so they can target ads at us. There are ways to block cookies, but Apple’s Safari browser blocks most third-party cookies by default, so users don’t have to mess with it. Google apparently developed a way to secretly get around the blocks: It found a loophole in Safari’s privacy... Read more...
Last week, Mozilla released Firefox 5--just three months after launching Firefox 4. While the company had previously indicated it was moving to a faster release schedule and a whole-number versioning system, the launch caught many users, particularly corporations, off guard. Mozilla claimed that a rapid release schedule would allow it to deliver "new features, performance enhancements, security updates and stability improvements to users faster." In the eight days since FF5 debuted, some 55 percent of FF4 users auto-updated to the new edition. Web tracking data indicates that the number of Firefox 4 users dropped from 16 percent to 7.2 percent, while Firefox 5's market share increased from 0.5... Read more...
1 2 3 Next