All posts in Safari

iOS 4.2 Brings New Features to Mobile Safari

iOS device users gained access to some pretty awesome perks yesterday when iOS 4.2 became available for download. iPad owners were finally rewarded by Apple for their patience with AirPlay, Wireless Printing and of course, multitasking. If you’re an iPhone user, you may have noticed a few new perks as well. However, it would appear that Apple also threw in a whole bag of awesome that they’ve kept on the down low.

As part of the testing of Safari and JavaScript he’d been doing for an upcoming project, mobile web development guru Maximilano Fritman found that Apple has baked a few new tricks into Mobile Safari, including accelerometer and gyroscope support, updated HTML 5 form support, the ability to support new JavaScript data types and enhanced SVG/Canvas support. What does it all mean? In simple english, how iOS device users interact with the internet is about to get a whole lot closer to what they experience when browsing the web from their computers. Better still, thanks to the accelerometer and gyroscope built in to late model iOS devices, you’ll be able to interact with mobile Safari simply by changing your device’s orientation.

That’s pretty sweet.

 

Follow this article’s author, Seamus Bellamy on Twitter

News

Safari 5.0 AutoFill Feature Could Leave Your Information Vulnerable

Click image to embiggen.

Security researcher Jeremiah Grossman discovered a security vulnerability that could give any website the ability to steal user information from Safari’s AutoFill feature that grabs user information from Address Book on the Mac. Apple countered Grossman by releasing Safari 5.0.1 that supposedly corrected the issue, but Grossman has found another potentially dangerous way to grab user information from Apple’s flagship web browser.

To get the user information, Grossman setup a “game” whereby the user needed to type a “U” to jump. When the user typed the U, the text was placed in the country field, telling Safari to go ahead and automatically fill out the entire form with personal user information, including first name, last name, city, state, email, phone, street, country, and the zip (or postal) code.

“To perform our attack requires tiny bit of end-user trickery. Two button presses to be precise. A malicious website detects (ie: IP address) the country the victim is from. For our purposes here we’ll assume the “US.” The attacker invisibly (CSS transparency) sets up the aforementioned form and forces the keystroke focus into the country element. Notice how this is done in the video on the right side of the screen, which only visible for demonstration purposes. Next the attacker entices the victim to type “U” (first character of “US”) and then press “TAB.” And BAM! That’s it! Data stolen,” says Grossman on his blog.

Grossman also posted a video showing the exploit in progress, which you can find on his post.

Apple has yet to address this potential exploit, but with any vulnerability like this, you can always combat the problem by turning off the affected feature. By disabling the AutoFill feature in Safari, you are essentially killing this hack. You can disable AutoFill by navigating to Safari > Preferences > AutoFill and unchecking the box labeled “Using info from my Address Book card.”

via MacRumors

 

Follow this article’s author, Cory Bohon on Twitter.

 

 

News

Apple Releases Updates for Safari and iDisk, Find My iPhone Apps

We’ve caught wind of a myriad of tres cool software updates pushed live today. For starters, your Safari just got a little more safer, which is great when you’re navigating an internet filled with hungry lions and angry giraffes. The new update fixes an issue that could prevent users from submitting web forms, as well as another issue that could cause web content to display incorrectly when viewing a Google Image result with Flash 10.1. Oh, that pesky Adobe Flash.

Additionally, the new Safari update establishes an encrypted, authenticated connection to the Safari Extensions Gallery. Quick, go get the one that prevents you from ever having to see Comic Sans ever again!

For those of you using Apple apps on your iPhone, iPod touch, or iPad, the official iDisk app also got an update. Version 1.2.1 fixes an issue that prevented package files (like Keynote ones) from opening in their corresponding iPad apps. Rotated images are now shown in the correct orientation when opened.

Also, for those of you paying the annual subscription free for MobileMe, the service has a new update pushed live today that addresses issues when publishing your website from iWeb to MobileMe.

Lastly, Find My iPhone also has an update that adds support for the new iPod touch, translation fixes for French, German and Japanese languages, and various other bug fixes.

Follow this article’s author, Florence Ion, on Twitter.

News