Apple Releases Safari 10 for OS X El Capitan and OS X Yosemite

Apple Releases Safari 10 for OS X El Capitan and OS X Yosemite

If you’ve decided not to make the move to macOS Sierra, you can still update to Safari 10 on your Mac running OS X El Capitan or Yosemite, and experience most of the new browser’s features.

Apple Releases Safari 10 for OS X El Capitan and OS X Yosemite

Safari 10 for El Capitan and Yosemite does not offer features such as the Sierra-only picture-in-picture support for video, and Apple Pay on the web, but it does include the following new features:

  • Safari Extensions
  • New Bookmarks sidebar, including double-click to focus in on a folder
  • Revamped Bookmarks and History views
  • Site-specific zoom: Safari remembers and re-applies your zoom level to websites
  • Improved AutoFill from Contacts
  • Reader improvements, including in-line sub-headlines, bylines, and publish dates
  • Legacy plug-ins are turned off by default in favor of HTML5 versions of websites
  • Allow reopening of recently closed tabs through the History menu, holding the “+” button in the tab bar, and using Shift-Command-T
  • When a link opens in a new tab, you can now click the back button or swipe to close it and go back to the original tab
  • Improved ranking of Frequently Visited Sites
  • Web Inspector Timelines Tab
  • Debugging using Web Inspector

The updated browser also offers a number of security updates, such as a fix for a number of WebKit vulnerabilities, and offers fixes for issues related to Safari Tabs and Reader.

Safari Reader

Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6

Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting

Description: Multiple validation issues were addressed through improved input sanitization.

CVE-2016-4618: an anonymous researcher

Safari Tabs

Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6

Impact: Visiting a malicious website may lead to address bar spoofing

Description: A state management issue existed in the handling of tab sessions. This issue was addressed through session state management.

CVE-2016-4751: Daniel Chatfield of Monzo Bank

WebKit

Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A parsing issue existed in the handling of error prototypes. This was addressed through improved validation.

CVE-2016-4728: Daniel Divricean

WebKit

Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6

Impact: Visiting a maliciously crafted website may leak sensitive data

Description: A permissions issue existed in the handling of the location variable. This was addressed though additional ownership checks.

CVE-2016-4758: Masato Kinugawa of Cure53

WebKit

Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2016-4611: Apple

CVE-2016-4729: Apple

CVE-2016-4730: Apple

CVE-2016-4731: Apple

CVE-2016-4734: Natalie Silvanovich of Google Project Zero

CVE-2016-4735: André Bargull

CVE-2016-4737: Apple

CVE-2016-4759: Tongbo Luo of Palo Alto Networks

CVE-2016-4762: Zheng Huang of Baidu Security Lab

CVE-2016-4766: Apple

CVE-2016-4767: Apple

CVE-2016-4768: Anonymous working with Trend Micro’s Zero Day Initiative

CVE-2016-4769: Tongbo Luo of Palo Alto Networks

WebKit

Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6

Impact: A malicious website may be able to access non-HTTP services

Description: Safari’s support of HTTP/0.9 allowed cross-protocol exploitation of non-HTTP services using DNS rebinding. The issue was addressed by restricting HTTP/0.9 responses to default ports and canceling resource loads if the document was loaded with a different HTTP protocol version.

CVE-2016-4760: Jordan Milne

WebKit

Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed through improved state management.

CVE-2016-4733: Natalie Silvanovich of Google Project Zero

CVE-2016-4765: Apple

WebKit

Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6

Impact: An attacker in a privileged network position may be able to intercept and alter network traffic to applications using WKWebView with HTTPS

Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed through improved validation.

CVE-2016-4763: an anonymous researcher

(Via MacRumors)

  1. 703205 100860Wow truly glad i came across your internet site, i??ll be confident to visit back now i??ve bookmarked it??. 635156

  2. 91204 215345You ought to experience a contest personally with the finest blogs on-line. Im going to suggest this page! 896247

  3. Esport says:

    129239 409646Spot on with this write-up, I genuinely suppose this internet web site needs rather more consideration. most likely be once more to learn considerably far more, thanks for that info. 499472

  4. 129165 971625Hello, Neat post. Theres an issue together along with your website in web explorer, might check this? IE nonetheless may be the marketplace leader and a huge component to folks will omit your wonderful writing because of this difficulty. 130167

  5. 137146 874163Companion, this web site will likely be fabolous, i merely like it 496179

  6. 975187 894305Hi there! I just wish to give an enormous thumbs up for the nice info youve appropriate here on this post. I shall be coming once more to your blog for extra soon. 899964

Leave a Reply

Your email address will not be published.