In early June Apple released Safari 5 which brought extension support to Apple’s web browser. At the time, the extension support was mainly intended to allow developers to design and test their own extensions. This morning Apple announced the availability of Safari 5.0.1. While the .0.1 may sounds like a minor update, this actually changes Safari in a big way by enabling Safari Extension for all users.
With extensions going live for all users, Apple has also opened its official Safari Extension Gallery. Currently the Extensions Gallery has a little over 100 extensions available, including official extensions from Twitter, Microsoft, eBay, Amazon, The Weather Channel, FOX News, NY Times, LastPass and more. Some of the other extensions that are sure to become popular fast include “Better Facebook,” “AdBlock” and “Mouse Gestures” all of which are already popular for Mozilla’s Firefox web browser.
“Safari 5 has been a big hit, and user response to the innovative new Safari Reader has been fantastic,” said Brian Croll, Apple’s vice president of OS X Product Marketing. “We’re thrilled to see so many leading developers creating great extensions and think our users are going to love being able to customize Safari.”
In addition to enabling Safari Extensions, Safari 5.0.1 also addresses the recently discovered Auto Fill flaw that could allow malicious websites to still personal information. From Apple KB HT4276:
Safari’s AutoFill feature can automatically fill out web forms using designated information in your Mac OS X Address Book, Outlook, or Windows Address Book. By design, user action is required for AutoFill to operate within a web form. An implementation issue exists that allows a maliciously crafted website to trigger AutoFill without user interaction. This can result in the disclosure of information contained within the user’s Address Book Card. To trigger the issue, the following two situations are required. First, in Safari Preferences, under AutoFill, the “Autofill web forms using info from my Address Book card” checkbox must be selected. Second, the user’s Address Book must have a Card designated as “My Card”. Only the information in that specific card is accessed via AutoFill. This issue is addressed by prohibiting AutoFill from using information without user action. Devices running iOS are not affected. Credit to Jeremiah Grossman of WhiteHat Security for reporting this issue.
