Safari

http://vimeo.com/102142106

The popular password and security management app 1Password has already previewed its iOS 8 extension and Touch ID support for unlocking and accessing its content outside of its iOS app, and today AgileBits has announced its 1Password app extension for third party apps as you can see in the video above.
Expand
Expanding
Close

Earlier this month Apple seeded the first beta versions of Safari 7.1 (for Mavericks) and 6.2 (for Mountain Lion) to developers. Tonight a second beta has been published. Interestingly, aside from the focus areas outlined with the previous beta, Apple is also requesting that developers taking this beta for a spin try out the password and credit card auto-fill feature.

The 7.1 and 6.2 updates are expected to be the last big updates to those specific versions of Apple’s browser before the release of OS X Yosemite, which ships with Safari 8. The 7.1/6.2 update features big changes to the WebKit engine and extensions systems built into Safari. You can find the full seed notes for this beta below:

Expand
Expanding
Close

 

Apple has released a new beta version of Safari to beta testers in the AppleSeed program and Mac developers. The new version for Mavericks is 7.1, while Moutain Lion users will see version 6.2. The update includes several upgrades to the WebKit engine that powers the browser.

According to the release notes, the changes include support for WebGL, IndexedDB, and JavaScript tweaks, among other things. There is also apparently a change to the way the app handles extensions, as the beta disables all installed add-ons by default and the notes request that developers check for any compatiblity issues.

Version 7.1 will likely be the last major update to Safari for Mavericks before the launch of OS X Yosemite, which will include the all-new Safari 8. The full seed notes for this beta are below:

Expand
Expanding
Close

Two weeks following the 2014 Worldwide Developers Conference and the release of the first beta build of iOS 8 to developers, Apple has provided iOS 8 beta 2 to developers. The new release is available over-the-air in iOS 8’s Settings menu, and it’s available for supported iPhones, iPads, and iPod touches.

iOS 8 officially launches this fall and includes several new features for both consumers and developers alike. iOS Device users will experience a new Health app for integrating health and fitness data, improvements to Safari, enhanced Messages features, design tweaks in Mail, and significant changes to notifications, photo management, and the keyboard. Developers will now be able to create third-party keyboards, integrate the Touch ID fingerprint scanner into apps, and integrate third-party home automation products with iOS.

We’ll be updating this post (below) with new features in iOS 8 beta 2 as they are discovered, and you can share your findings with us via email at tips@9to5mac.com. 

Expand
Expanding
Close

In iOS 8, Apple is making the process of logging into apps a much smoother experience by allowing native iOS apps to access usernames and passwords stored in Safari. The new feature, which works by letting iOS apps tap into Safari’s AutoFill & Passwords feature, will allow users to login to apps with a simple tap rather than having to type login info. Imagine your username and password are stored in Safari’s AutoFill for Facebook, for example. When launching the native Facebook iOS app, the feature will let users select from passwords stored in Safari to quickly login (as pictured above with Apple’s demo “Shiny” app).
Expand
Expanding
Close

As we reported in May, Apple is working on a split-screen multitasking feature for iPad apps for a version of iOS 8. The feature, akin to the key productivity function on the Microsoft Surface, was not announced at WWDC last week, but code references to the feature have been found across the iOS 8 Software Development Kit.

Now, developer Steven Troughton-Smith has dug further into the upcoming split-screen multitasking feature and has hacked the iOS 8 iPad Simulator to make the function partially work. As can be seen  above, Safari is taking up half the display. The tweaking to the simulator is yet to completely unlock all functionality with two different apps running side by side, but this demonstrates that Apple has been definitely testing the feature internally.

Troughton-Smith has also put together a video showing the split-screen mode in action on the simulator. That video can be seen below:

Expand
Expanding
Close

Now you’ve had a chance to catch up on our coverage of the main new features of iOS 8 and OS X Yosemite, and seen our hands-on videos (iOS 8 overview, OS X Yosemite overview, iOS 8 Spotlight and iOS 8 interactive notifications), we’d like to hear your first impressions of each.

Whether you’re blown away by all the new features, disappointed by things you wanted but didn’t get, or just a bit underwhelmed, here’s your chance to let us know.

We’ve summarized the features Apple has chosen to highlight, and there are separate polls for each platform … 
Expand
Expanding
Close

With an estimated half a million sites vulnerable to the “Heartbleed” vulnerability revealed earlier this week, which allows an attacker to access user details of websites previously believed to be secured by industry-standard SSL/TLS, your favorite social networks, stores, and other services around the web could potentially be handing out your password or other personal information to anyone who exploits the issue.

The bug exists in a library called OpenSSL, which is an open-source SSL implementation that many—but not all—web services use to secure sensitive traffic. If a website you use is affected by the bug, your personal data could be given to just about anyone. Unfortunately, changing your password on an unsecure site won’t even help unless the site’s owners have installed a fix (because the attackers can simply exploit the bug again to get your new password).

This serious issue affects a number of high-profile sites, but it seems your Apple ID is safe. Today, Apple gave the following statement to Re/code:

Expand
Expanding
Close

 

After updating iWork for iCloud and its Mac and iOS counterparts, Apple has pushed out a new Safari update as well. The new version is 7.0.3 and contains mostly bug and security fixes. Apple has been beta testing this update with developers for the past few weeks. The two biggest parts of this update are changes to push notifications and the way URLs are handled.

For users who don’t want to be asked about push notifications from any site, there’s now a checkbox in the notification preferences that disables them entirely. Unchecking the box for “Allow websites to ask for permission to send push notifications” (seen above) will block all notification prompts in the future.

The second big change enables Safari to recognize new generic top-level domains (the .com bit at the end of the URL). The organization responsible for managing these has recently created several new ones for generic terms (like “.pizza”). Safari will now recognize these and go to the correct URL rather than trying to search for the term.
Expand
Expanding
Close

As usual, the annual Pwn2Own contest featured many hackers targeting the latest operating systems and browsers from the major vendors, including Apple. Threatpost reports that the “Keen Team” focused Safari on Thursday and exploited it with relative ease.

The team took home a $40,000 bounty for their efforts on Safari, as well as a share in a $75,000 prize for co-engineering a zero-day Flash exploit. They say they will donate some of their winnings towards charities representing missing Malaysian Airplane passengers.

The group say that for Safari, they used two different exploit vectors. One vulnerability was a heap overflow in WebKit that enabled arbitrary code execution. The team then used this opening to use another exploit to bypass the application sandbox and run code as if it was user privileged.

Expand
Expanding
Close

Nuance has just announced the next major version of its Mac dictation software, Dragon Dictate 4. The new version improves recognition accuracy as well as several new features, including the ability to machine transcribe from a pre-recorded audio file. You no longer have to be recording a voice live to get transcription.

[youtube=http://www.youtube.com/watch?v=RRfbZ0h4yBo]

We’ve had a quick play with the software and the accuracy is almost scary good compared to older versions of the software. Speaking in a normal voice gives you almost 100% accuracy and even mumbling seems to work. While Mavericks uses the same Nuance speech engine, Dictate 4 has a better interface for transcription and tons of extra features as outlined in the videos above and below.

Dragon Dictate software has also been updated for modern system architectures — it is a 64-bit app now.  This results in better performance and better memory management over its predecessors. The company says it has drastically reduced latency when interpreting speech.

[youtube=http://www.youtube.com/watch?v=YnGKb854CNI]

Expand
Expanding
Close

Update: Apple says an OS X fix is coming soon.

Yesterday Apple released iOS update 7.0.6 alongside new builds for iOS 6 and Apple TV  that it said provided “a fix for SSL connection verification.” While Apple didn’t provide much specific information on the bug, it wasn’t long before the answer was at the top of Hacker News. It turns out that minor security fix was actually a major flaw that could in theory allow attackers to intercept communications between affected browsers and just about any SSL-protected site. Not only that, but the bug is also present in current builds of OS X that Apple has yet to release a security patch for.

Researchers from CrowdStrike described the bug in a report:

“To pull off the attack an adversary has to be able to Man-in-The-Middle (MitM) network connections, which can be done if they are present on the same wired or wireless network as the victim. Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake. This enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system),”

Adam Langley, a senior software engineer at Google, also wrote about the flaw on his blog ImperialViolet and created a test site to check if you have the bug (pictured above):
Expand
Expanding
Close

Apple has released OS X 10.9.1 for Mac via the Mac App Store today. The update includes a number of Mail related fixes including improved support for Gmail as well as numerous bug fixes. The update also fixes a VoiceOver issue that prevented sentences with emoji characters from being read…

Expand
Expanding
Close