Security News

Safari refinements justify setting the browser as default in macOS Big Sur
2020-06-26 20:25

If Safari isn't your default Mac web browser, it should be when Apple releases macOS Big Sur. With macOS Big Sur improvements on the way, there's no doubt that Safari can handle the responsibility.

iOS 14, macOS Big Sur, Safari to give us ‘No, thanks!’ option for ad tracking
2020-06-24 09:20

During the pre-taped keynote at Apple's Worldwide Developers Conference, the company promised to pump up data protection even more with gobs of new features in its upcoming iOS 14, macOS Big Sur, and Safari releases. The big ones include the option for users to decline apps' ad tracking.

Flaw hunter bags $75,000 off Apple after duping Safari into spying through iPhone, Mac cameras without permission
2020-04-07 17:58

Independent security researcher Ryan Pickren has revealed how a malicious website could hack Apple's Safari browser on iOS and macOS to spy on the user through the computer's camera without prompting for permission. Apple fixed the issues with Safari 13.1, crediting Pickren for three bug reports in the patch release notes.

Apple Safari Flaws Enable One-Click Webcam Access
2020-04-06 18:43

To exploit the flaws in a real-world attack, all an attacker would need to do is convince a victim to click one malicious link. Security researcher Ryan Pickren has revealed details on seven flaws in Safari, including three that could be used in a kill chain to access victims' webcams.

Apple Safari now blocks all third-party cookies by default
2020-03-26 14:10

"The long wait is over," Apple WebKit engineer John Wilander announced on Tuesday: the latest update to the Safari browser is blocking third-party cookies by default for all users. "We've added so many restrictions to ITP since its initial release in 2017 that we are now at a place where most third-party cookies are already blocked in Safari."

Apple Enables Full Third-Party Cookie Blocking in Safari
2020-03-26 11:53

Apple this week announced that third-party cookies are now blocked by default in Safari on macOS, iOS and iPadOS. The feature represents the latest enhancement the Cupertino-based company brought to its Intelligent Tracking Prevention and is meant to improve the privacy of its users by removing previously accepted exceptions. Due to continuous improvements made to ITP, most third-party cookies were already blocked in Safari, but other browser makers are also moving toward blocking cookies by default, and Apple decided to make the final step before others.

Apple Update Fixes WebKit Flaws in iOS, Safari
2020-03-25 21:07

Apple has released a slew of patches across its iOS and macOS operating systems, Safari browser, watchOS, tvOS and iTunes. Of the CVEs disclosed, 30 affected Apple's iOS, 11 impacted Safari and 27 affected macOS. Users for their part are urged to update to iOS 13.4, Safari 13.1 and macOS Catalina 10.15.3.

Apple Safari Blocks Ad-Targeting Cookie Support
2020-03-25 12:54

Apple has released an update to its Safari browser that blocks third-party cookies, following an announcement by Google that it would do the same for its Chrome browser. Through the release of Safari 13.1 on Tuesday, alongside some changes to Apple's Intelligent Tracking Prevention in iOS and iPadOS 13.4, the company now blocks all third-party cookies by default in its browser, according to a blog post by the engineer behind Apple's WebKit, John Wilander.

Apple chops Safari’s TLS certificate validity down to one year
2020-02-24 11:42

That browser makers were voted down might explain why Apple has decided to enforce the change unilaterally, apparently against the wishes of the Certificate Authorities which issue certificates as a business. The browser makers are adamant that reducing validity is good for security because it reduces the time period in which compromised or bogus certificates can be exploited.

Apple drops a bomb on long-life HTTPS certificates: Safari to snub new security certs valid for more than 13 months
2020-02-20 23:20

Safari will, later this year, no longer accept new HTTPS certificates that expire more than 13 months from their creation date. The aim of the move is to improve website security by making sure devs use certs with the latest cryptographic standards, and to reduce the number of old, neglected certificates that could potentially be stolen and re-used for phishing and drive-by malware attacks.