This Week's Sponsor:

DEVONTHINK

Store, Organize, and Work the Smart Way

Posts tagged with "safari"

Safari 5.0.1 Addresses AutoFill Security Vulnerability

If you haven’t updated to Safari 5.0.1 yet for Safari Extensions, maybe you should to address a recent security vulnerability? MacRumors reports that the latest update addresses a critical flaw that could allow malicious sites to gather Address Book information. According to Apple,

Safari’s AutoFill feature can automatically fill out web forms using designated information in your Mac OS X Address Book, Outlook, or Windows Address Book.  By design, user action is required for AutoFill to operate within a web form. An implementation issue exists that allows a maliciously crafted website to trigger AutoFill without user interaction.

For more information regarding the security content of Safari, be sure to check out Apple’s official document here: http://support.apple.com/kb/HT4276

[via MacRumors]

Apple Releases Safari 5.0.1, Launches Safari Extensions Gallery

Yesterday, we got to play with a slew of new iMacs, a new Magic Trackpad, and a six pack of Apple rechargeable batteries. New devices in hand, you may want to navigate over to your nearest Software Update. Not only might you have  a new gesture in store, as of this morning, you can get an update to Safari v 5.0.1.

On top of that, Apple has launched their latest Safari Extensions Gallery which is chock full of awesome new software. If you visit extensions.apple.com in a non-Safari or outdated browser, you’ll get a basic info page. Once updated, you’ll be received with a warming welcome and new toys to play with via plentiful download links. Check out the PR after the break.

Read more

Why You Should Disable your Browser Autofill

Geeking out on all things security, Jeremiah Grossman details an interesting attack that could steal information stored in a web browser for use in autofill.

These fields are AutoFill’ed using data from the users personal record in the local operating system address book. Again it is important to emphasize this feature works even though a user never entered this data on any website. Also this behavior should not be confused with normal auto-complete data a Web browser may remember after its typed into a form.

All a malicious website would have to do to surreptitiously extract Address Book card data from Safari is dynamically create form text fields with the aforementioned names, probably invisibly, and then simulate A-Z keystroke events using JavaScript. When data is populated, that is AutoFill’ed, it can be accessed and sent to the attacker.

Read more

Coda Notes for Safari

In a few weeks Apple will launch the official Safari extensions gallery, so you’d better hurry and go submit yours now. But in the meantime, unofficial Safari extensions websites have flourished all over on the internet.

The current state of Safari extensions? There are a few great ones, lots of cool ideas, hundreds of stupid and buggy userscripts ported to Safari. Last night the Panic team offered an exclusive Twitter preview of their upcoming Safari extension, Coda Notes, which they previewed at the WWDC in June.

Read more

Ostrich: A Twitter Client for Safari

We’re still waiting for Tweetie 2.0 for Mac to be announced (though we’ve heard something new is going on this week) yet a lot of developers haven’t given up on developing and refining their own unofficial Twitter clients. And since Apple released Safari 5 with the possibility to install extensions on it, it was just a matter of time until someone developed a “full-featured” Twitter client for it.

Meet Ostrich.

Read more

PadEdit: iPad-optimized IDE On Your Server

The iPad comes with a great default browser, built on top of another great technology called Webkit. Safari for iPad makes browsing from a tablet feel good, and I haven’t find a single alternative in the App Store worth replacing Apple’s default app.

If there’s a webapp that showcases the great capabilities of Safari for iPad, that’s PadEdit.

Read more