Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Safari 5 Adds Security Features and Improved Developer Tools

With the excitement surrounding Apple’s iPhone 4 at its World Wide Developer Conference (WWDC) yesterday, Apple decided not talk about the latest version of its Web browser during the Keynote,Safari 5 Security instead making the announcement and releasing the product later in the day.

With the excitement surrounding Apple’s iPhone 4 at its World Wide Developer Conference (WWDC) yesterday, Apple decided not talk about the latest version of its Web browser during the Keynote,Safari 5 Security instead making the announcement and releasing the product later in the day. In addition to expanded HTML5 support, an upgraded “Nitro JavaScript Engine” and other features, Safari 5 adds some enhanced performance and security features useful to both developers and end users.

With the release of Safari 5, Apple will provide Safari developers with tools to create a digital certificate for extensions. Safari extensions must be signed with an Apple-provided digital certificate. The certificate protects the extensions from tampering and ensures that updates come only from the developer that owns it.

In addition, Safari extensions include built-in defenses like sandboxing which safeguards extensions from being used to access information on a user’s system. Built with standard web technologies, Safari extensions execute right in the browser, reducing the chance of an extension causing crashes or instability.

While not Safari 5 Web  Inspectorexactly a pure “security” feature, an improved Web Inspector lets users view how Safari interacts with websites. Loading, scripting, and rendering timelines show how and when Safari parses HTML, executes JavaScript, and performs other operations with a web application. Additional improvements to the Web Inspector make it easy for developers to pinpoint areas for optimization and can be a useful tool for security researchers and QA teams. 

In addition to new security features and functions, Apple also fixed other vulnerabilities including CSS history hacks, potential HTTPS to HTTPS data leaks and more. A full detail of the security content for Safari 5 is available here.

Safari 5 is available for download at: http://www.apple.com/safari/download/

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.