Researchers: hackers have used an 18-year-old flaw in how Safari, Chrome, and Firefox on macOS handle queries to a 0.0.0.0 IP address to breach private networks
Weaknesses in Chrome, Firefox and Safari gave hackers a route into internal networks, even those protected by firewalls, security researchers warn.
PWAs no longer work as standalone apps in iOS 17.4 betas, presumably as part of Apple's preparation for EU DMA which forces it to allow alt browser engines
but they aren't dead Bruce Lawson / Bruce Lawson's personal site : Is Apple breaking PWAs out of malicious compliance? Tom Pritchard / Tom's Guide : iOS 17.4 beta just broke iPhone web apps — but only...
Apple releases emergency security updates for iOS, iPadOS, macOS, and watchOS to patch three zero-day vulnerabilities, for a total of 16 zero-days fixed in 2023
Attacks Underway Lance Whitney / ZDNet : Apple issues emergency security updates for iPhone, iPad, and Apple Watch Kevin Poireault / Infosecurity : mWISE: Why Zero Days Are Set for Highest Year on Rec...
As open web advocates raise concerns over the Web Environment Integrity proposal, a look at a similar Apple system shipped in 2022 to make Captchas unnecessary
Tim Perry / HTTP Toolkit : Twitter: @pimterry . Forums: Hacker News and r/programming Twitter: Tim Perry / @pimterry : Turns out that Web Environment Integrity proposal everybody is getting angry abo...
Twitter no longer lets users browse tweets, user profiles, and comment threads on the web without logging in, redirecting Twitter URLs to the sign in page
https://www.theverge.com/... @ahimsa_pdx@disabled.social : You can no longer view tweets if you're not logged in to twitter. — You can't even view someone's twitter profile, not even if it's public....
An investigation shows TrustCor Systems, used by Chrome, Safari, and Firefox as a root certificate authority, has connections to US intel and law enforcement
TrustCor Systems vouches for the legitimacy of websites. But its physical address is a UPS Store in Toronto. Tweets: @shashj , @josephmenn , @jvagle , @matthew_d_green , and @v0max Tweets: Shashank J...
A deep dive: how Apple uses iOS WebKit monopoly to strip-mine and sabotage the web, hurting all browser engine projects and draining the web of future potential
the only platform that actually supports Safari *and* competing browsers. @satefan : An open letter to Tim Cook signed by all iOS browsers builders (big and small), an alliance, writing code to prove ...
Apple now lets “reader” apps link to websites for creating or managing user accounts, after the company gives access to an External Link Account Entitlement
that a LOT of their “services revenue” is a 30% commission from sleazy games exploiting gambling psychology to extract money from people, many of whom are children — is SO uncomfortable that they keep...
A flaw in Safari 15's IndexedDB API can leak browser activity and user identifiers, like Google ID, to other sites; Apple was alerted of the flaw on November 28
DISCLAIMER: FingerprintJS does not use this vulnerability in our products and does not provide cross-site tracking services. Source: The Verge .
Safari's extremely slow pace in adopting popular features and fixing showstopping bugs, and refusal to engage with contentious API proposals, is harming the web
Features not implemented are not dangerous —'Safari is the next IE' is well supported by many bugs —Ignoring Chrome proposals without engaging or alternative offers, makes the problem worse https://ht...