Safari release history

Below you will find descriptions of the changes and new features in successive versions of Safari.

Safari 5.0.2

Safari 5.0.2 has been released. This release of Apple's browser brings several improvements and closes security vulnerabilities. A problem with filling in forms has been resolved, and an error in displaying Google Images search results when Flash 10.1 is installed has also been fixed.

Safari for Windows receives a security update for the critical DLL vulnerability in Windows that affects dozens of programs. Safari for Mac OS X is not affected by the DLL vulnerability, since it is exclusively a Windows problem. In addition, two holes in the WebKit rendering engine are patched.

Read about the further changes in the release notes below. Safari 5.0.2 is the default browser for Mac OS X and is available as a separate download for Windows XP, Vista and 7.

Release notes:

Snow Leopard, Leopard

This update contains improvements to compatibility and security, including the following:

  • Fixes an issue that could prevent users from submitting web forms
  • Fixes an issue that could cause web content to display incorrectly when viewing a Google Image result with Flash 10.1 installed
  • Establishes an encrypted, authenticated connection to the Safari Extensions Gallery

Windows

This update contains improvements to compatibility and security, including the following:

  • Fixes an issue that could prevent users from submitting web forms
  • Establishes an encrypted, authenticated connection to the Safari Extensions Gallery

Safari 5.0.1

Apple has released version 5.0.1 of its Safari browser. This release has one important change compared with version 5.0: extension functionality has been enabled. From now on you can install all kinds of extensions for Safari, just as in Firefox for example, via the Safari Extensions Gallery menu item (extensions.apple.com). You can manage the extensions via the Preferences | Extensions menu. The selection is not yet as large as for Firefox, but several dozen interesting extensions are already available to download for Safari.

This update for Apple's browser also closes various security vulnerabilities and resolves stability problems. 15 vulnerabilities are repaired, 13 of which are in the WebKit rendering engine and 2 in other parts of Safari. This includes the vulnerability in Safari's AutoFill functionality that was disclosed last week. A stability problem with Google Wave has also been fixed.

Safari 5.0.1 is available for Mac OS X and Windows XP, Vista and 7.

Release notes:

Safari 5.0.1 Software Update (Windows)

New in this update:

  • Safari Extensions
  • Customize Safari with features created by third-party developers
  • Find extensions in the Safari Extensions Gallery, accessible from the Action menu and extensions.apple.com

This update also contains improvements to stability and security, including the following:

  • More accurate Top Hit results in the Address Field
  • More accurate timing for CSS animations
  • Better stability when scrolling through MobileMe Mail
  • Fixes display of multipage articles from www.rollingstone.com in Safari Reader
  • Fixes an issue that prevented Google Wave and other websites using JavaScript encryption libraries from working correctly on 32-bit systems 
  • Fixes an issue that could cause borders on YouTube thumbnails to disappear when hovering over the thumbnail image
  • Fixes an issue that prevented boarding passes from www.aa.com from printing correctly
  • Fixes an issue that could cause DNS prefetching requests to overburden certain routers

For detailed information on the security content of this update, please visit this site: About Apple Security Updates.

Safari 5.0

Following Google Chrome, Safari has now also reached version 5. Both Google's and Apple's browsers are based on the open source project WebKit.

New in Safari 5.0 is Safari Reader, which makes articles on web pages easier to read. If you click the Reader button in Safari's address bar on a website, advertisements and animations are removed and you see only the text of the article on the web page (this works for weblogs and news articles). This will undoubtedly improve the reading experience of websites. Whether advertising companies, such as competitor Google, are happy about this is doubtful. Incidentally, Firefox also offers this functionality through the Readability extension.

Safari Reader (button is circled) shows only the text of a page, without advertisements

Other new features are the addition of Bing as an optional search engine alongside Google and Yahoo!, and improved support for many HTML5 features, such as Geolocation, Drag and Drop and HTML5 video.

Safari 5 is also faster than its predecessor. JavaScript runs 25% faster than in Safari 4. Caching (local storage) of pages is more efficient, and Safari 5 uses DNS prefetching, which speeds up browsing. Security has been tightened by the addition of XSS Auditor, which can intercept cross-site scripting attacks.

Furthermore, Safari's address bar can now search the history and bookmarks, including on parts of URLs. Hardware acceleration under Windows has been improved, so that videos and images are displayed more smoothly. And if you enable private mode in Safari 5, PRIVATE is shown in large letters in the address bar, so that you do not forget.

Safari 5.0 also closes 48 security vulnerabilities, so updating is strongly recommended. After installation under Windows, your operating system must restart. It is unclear why this is necessary. Safari 5.0 is available for Mac OS X and Windows XP, Vista and 7.

Release notes:

This update contains new features including:

  • Safari Reader: Click on the new Reader icon to view articles on the web in a single, clutter-free page.
  • Improved Performance: Safari 5 executes JavaScript up to 25% faster than Safari 4. Better page caching and DNS prefetching speed up browsing.
  • Bing Search Option: New Bing search option for Safari's Search Field, in addition to Google and Yahoo!.
  • Improved HTML5 support: Safari supports over a dozen new HTML5 features, including Geolocation, full screen for HTML5 video, closed captions for HTML5 video, new sectioning elements (article, aside, footer, header, hgroup, nav and section), HTML5 AJAX History, EventSource, WebSocket, HTML5 draggable attribute, HTML5 forms validation, and HTML5 Ruby.
  • Safari Developer Tools: A new Timeline Panel in the Web Inspector shows how Safari interacts with a website and identifies areas for optimization. New keyboard shortcuts make it faster to switch between panels.

Other improvements include:

  • Smarter Address Field: The Smart Address Field can now match text against the titles of webpages in History and Bookmarks, as well as any part of their URL.
  • Tabs Setting: Automatically open new webpages in tabs instead of in separate windows.
  • Hardware Acceleration for Windows: Use the power of the computer's graphics processor to smoothly display media and effects on PC as well as Mac.
  • Search History with Date: A new date indicator in Full History Search shows when webpages were viewed.
  • Top Sites/History Button: Switch easily between Top Sites and Full History Search with a new button that appears at the top of each view.
  • Private Browsing Icon: A “Private” icon appears in the Smart Address Field when Private Browsing is on. Click on the icon to turn off Private Browsing.
  • DNS Prefetching: Safari looks up the addresses of links on webpages and can load those pages faster.
  • Improved Page Caching: Safari can add additional types of webpages to the cache so they load quickly.
  • XSS Auditor: Safari can filter potentially malicious scripts used in cross-site scripting (XSS) attacks.
  • Improved JavaScript Support: Safari allows web applications that use JavaScript Object Notation (JSON) to run faster and more securely.

Improvements and fixes:

  • Performance improvements for Top Sites
  • Performance improvements for trackpad pinch gestures
  • Performance and stability improvements when pasting text
  • Stability improvements for auto-complete functions
  • Stability improvements when transferring images from Safari to iPhoto
  • Stability improvements when handling PDFs
  • Stability improvements when making comments in Facebook
  • Stability improvements when using eMusic.com
  • More reliable authentication to Windows IIS
  • Addresses an issue that prevented some users from dragging files when logged into etrade.com

Safari 4.0.5

Safari 4.0.5 is primarily a security update for Apple's browser. No fewer than sixteen vulnerabilities are patched in Safari 4.0.5. In addition, the stability of several plug-ins and of the display of websites with SVG has been improved, and the performance of Top Sites has been improved. A problem that caused Safari to block changes to the settings of Linksys routers has also been resolved.

Secunia rates the fixed security vulnerabilities as critical. Nine are in the underlying WebKit engine that Apple uses to power Safari. Four are in the browser's image processing. Incidentally, six of the sixteen vulnerabilities affect only the Windows version of Safari. The other ten occur on both Windows and Mac OS X.

Release notes:

  • Performance improvements for Top Sites
  • Stability improvements for 3rd-party plug-ins
  • Stability improvements for websites with online forms and Scalable Vector Graphics
  • Fixes an issue that prevented Safari from changing settings on some Linksys routers

Security vulnerabilities fixed:

  • ColorSync

    CVE-ID: CVE-2010-0040

    Available for: Windows 7, Vista, XP

    Impact: Viewing a maliciously crafted image with an embedded color profile may lead to an unexpected application termination or arbitrary code execution

    Description: An integer overflow that could result in a heap buffer overflow exists in the handling of images with an embedded color profile. Opening a maliciously crafted image with an embedded color profile may lead to an unexpected application termination or arbitrary code execution. The issue is addressed by performing additional validation of color profiles. This issue does not affect Mac OS X systems. Credit to Sebastien Renaud of VUPEN Vulnerability Research Team for reporting this issue.

  • ImageIO

    CVE-ID: CVE-2009-2285

    Available for: Windows 7, Vista, XP

    Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer underflow exists in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.2. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2010-001.

  • ImageIO

    CVE-ID: CVE-2010-0041

    Available for: Windows 7, Vista, XP

    Impact: Visiting a maliciously crafted website may result in sending data from Safari's memory to the website

    Description: An uninitialized memory access issue exists in ImageIO's handling of BMP images. Visiting a maliciously crafted website may result in sending data from Safari's memory to the website. This issue is addressed through improved memory handling and additional validation of BMP images. Credit to Matthew 'j00ru' Jurczyk of Hispasec for reporting this issue.

  • ImageIO

    CVE-ID: CVE-2010-0042

    Available for: Windows 7, Vista, XP

    Impact: Visiting a maliciously crafted website may result in sending data from Safari's memory to the website

    Description: An uninitialized memory access issue exists in ImageIO's handling of TIFF images. Visiting a maliciously crafted website may result in sending data from Safari's memory to the website. This issue is addressed through improved memory handling and additional validation of TIFF images. Credit to Matthew 'j00ru' Jurczyk of Hispasec for reporting this issue.

  • ImageIO

    CVE-ID: CVE-2010-0043

    Available for: Windows 7, Vista, XP

    Impact: Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in the handling of TIFF images. Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to Gus Mueller of Flying Meat for reporting this issue.

  • PubSub

    CVE-ID: CVE-2010-0044

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

    Impact: Visiting or updating a feed may result in a cookie being set, even if Safari is configured to block cookies

    Description: An implementation issue exists in the handling of cookies set by RSS and Atom feeds. Visiting or updating a feed may result in a cookie being set, even if Safari is configured to block cookies via the "Accept Cookies" preference. This update addresses the issue by respecting the preference while updating or viewing feeds.

  • Safari

    CVE-ID: CVE-2010-0045

    Available for: Windows 7, Vista, XP

    Impact: Visiting a maliciously crafted website may lead to arbitrary code execution

    Description: An issue in Safari's handling of external URL schemes may cause a local file to be opened in response to a URL encountered on a web page. Visiting a maliciously crafted website may lead to arbitrary code execution. This update addresses the issue through improved validation of external URLs. This issue does not affect Mac OS X systems. Credit to Billy Rios and Microsoft Vulnerability Research (MSVR) for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-0046

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in WebKit's handling of CSS format() arguments. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of CSS format() arguments. Credit to Robert Swiecki of Google Inc. for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-0047

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use-after-free issue exists in the handling of HTML object element fallback content. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative, for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-0048

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use-after-free issue exists in WebKit's parsing of XML documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking.

  • WebKit

    CVE-ID: CVE-2010-0049

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use-after-free issue exists in the handling of HTML elements containing right-to-left displayed text. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit to wushi&Z of team509 for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-0050

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use-after-free issue exists in WebKit's handling of incorrectly nested HTML tags. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit to wushi&Z of team509 working with TippingPoint's Zero Day Initiative for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-0051

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

    Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information

    Description: An implementation issue exists in WebKit's handling of cross-origin stylesheet requests. Visiting a maliciously crafted website may disclose the content of protected resources on another website. This update addresses the issue by performing additional validation on stylesheets that are loaded during a cross-origin request.

  • WebKit

    CVE-ID: CVE-2010-0052

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use-after-free issue exists in WebKit's handling of callbacks for HTML elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit: Apple.

  • WebKit

    CVE-ID: CVE-2010-0053

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use-after-free issue exists in the rendering of content with a CSS display property set to 'run-in'. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-0054

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A use-after-free issue exists in WebKit's handling of HTML image elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory reference tracking. Credit: Apple.
