Safari Changelog

New in version 8.0.6 (May 7th, 2015)

  • THIS SECURITY FIX ADDRESSES THE FOLLOWING:
  • WebKit:
  • Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.3
  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
  • CVE-ID:
  • CVE-2015-1152 : Apple
  • CVE-2015-1153 : Apple
  • CVE-2015-1154 : Apple
  • WebKit History:
  • Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.3
  • Impact: Visiting a maliciously crafted website may compromise user information on the filesystem
  • Description: A state management issue existed in Safari that allowed unprivileged origins to access contents on the filesystem. This issue was addressed through improved state management.
  • CVE-ID:
  • CVE-2015-1155 : Joe Vennix of Rapid7 Inc. working with HP's Zero Day Initiative
  • WebKit Page Loading:
  • Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.3
  • Impact: Visiting a malicious website by clicking a link may lead to user interface spoofing
  • Description: An issue existed in the handling of the rel attribute in anchor elements. Target objects could get unauthorized access to link objects. This issue was addressed through improved link type adherence.
  • CVE-ID:
  • CVE-2015-1156 : Zachary Durber of Moodle

New in version 8.0.5 (April 8th, 2015)

  • Safari:
  • Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2
  • Impact: Users may be tracked by malicious websites using client certificates
  • Description: An issue existed in Safari's client certificate matching for SSL authentication. This issue was addressed by improved matching of valid client certificates.
  • CVE-ID: CVE-2015-1129
  • Safari:
  • Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2
  • Impact: Notifications preferences may reveal users' browsing history in private browsing mode
  • Description: Responding to push notification requests in private browsing mode revealed users' browsing history. This issue was addressed by disabling push notification prompts in private browsing mode.
  • CVE-ID: CVE-2015-1128
  • Safari:
  • Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2
  • Impact: Users' browsing history may not be completely purged
  • Description: A state management issue existed in Safari that resulted in users' browsing history not being purged from history.plist. This issue was addressed by improved state management.
  • CVE-ID: CVE-2015-1112
  • WebKit:
  • Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2
  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
  • CVE-ID: CVE-2015-1119, CVE-2015-1120, CVE-2015-1121, CVE-2015-1122, CVE-2015-1124
  • WebKit:
  • Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2
  • Impact: Users' browsing history in private mode may be indexed
  • Description: A state management issue existed in Safari that inadvertently indexed users' browsing history when in private browsing mode. This issue was addressed by improved state management.
  • CVE-ID: CVE-2015-1127
  • WebKit:
  • Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2
  • Impact: Visiting a maliciously crafted website may lead to resources of another origin being accessed
  • Description: An issue existed in WebKit's credential handling for FTP URLs. This issue was addressed by improved URL decoding.
  • CVE-ID: CVE-2015-1126

New in version 8.0.4 (March 18th, 2015)

  • ADDRESSES THE FOLLOWING SECURITY FLAWS:
  • WebKit:
  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
  • CVE-ID: CVE-2015-1068, CVE-2015-1069, CVE-2015-1070, CVE-2015-1071, CVE-2015-1072, CVE-2015-1073, CVE-2015-1074, CVE-2015-1075, CVE-2015-1076, CVE-2015-1077, CVE-2015-1078, CVE-2015-1079, CVE-2015-1080, CVE-2015-1081, CVE-2015-1082, CVE-2015-1083
  • WebKit:
  • Impact: Inconsistent user interface may prevent users from discerning a phishing attack
  • Description: A user interface inconsistency existed in Safari that allowed an attacker to misrepresent the URL. This issue was addressed through improved user interface consistency checks.
  • CVE-ID: CVE-2015-1084

New in version 8.0.3 (January 28th, 2015)

  • ADDRESSES THE FOLLOWING SECURITY FLAW:
  • WebKit:
  • Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1
  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
  • CVE-ID: CVE-2014-3192 (cloudfuzzer), CVE-2014-4476 (Apple), CVE-2014-4477 (lokihardt@ASRT working with HP’s Zero Day Initiative), CVE-2014-4479 (Apple)

New in version 8.0.1 (December 4th, 2014)

  • ADDRESSES THE FOLLOWING SECURITY FLAWS:
  • WebKit:
  • Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1
  • Impact: Style sheets are loaded cross-origin which may allow for data exfiltration
  • Description: An SVG loaded in an img element could load a CSS file cross-origin. This issue was addressed through enhanced blocking of external CSS references in SVGs.
  • CVE-ID: CVE-2014-4465 (Rennie deGraaf of iSEC Partners)
  • WebKit:
  • Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1
  • Impact: Visiting a website that frames malicious content may lead to UI spoofing
  • Description: A UI spoofing issue existed in the handling of scrollbar boundaries. This issue was addressed through improved bounds checking.
  • CVE-ID: CVE-2014-1748 (Jordan Milne)
  • WebKit:
  • Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1
  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
  • CVE-ID: Apple (CVE-2014-4466, CVE-2014-4468, CVE-2014-4469, CVE-2014-4470, CVE-2014-4471, CVE-2014-4472, CVE-2014-4473, CVE-2014-4474, CVE-2014-4475), CVE-2014-4459, CVE-2014-4452

New in version 7.1 / 6.2 (September 18th, 2014)

  • Address the following:
  • Safari:
  • Impact: An attacker with a privileged network position may intercept user credentials
  • Description: Saved passwords were autofilled on http sites, on https sites with broken trust, and in iframes. This issue was addressed by restricting password autofill to the main frame of https sites with valid certificate chains.
  • CVE-ID: CVE-2014-4363 : David Silver, Suman Jana, and Dan Boneh of Stanford University working with Eric Chen and Collin Jackson of Carnegie Mellon University
  • WebKit:
  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
  • CVE-ID: CVE-2013-6663 : Atte Kettunen of OUSPG, CVE-2014-4410 : Eric Seidel of Google, CVE-2014-4411 : Google Chrome Security Team, CVE-2014-4412 : Apple, CVE-2014-4413 : Apple, CVE-2014-4414 : Apple, CVE-2014-4415 : Apple
  • WebKit:
  • Impact: A malicious website may be able to track users even when private browsing is enabled
  • Description: A web application could store HTML 5 application cache data during normal browsing and then read the data during private browsing. This was addressed by disabling access to the application cache when in private browsing mode.
  • CVE-ID: CVE-2014-4409 : Yosuke Hasegawa (NetAgent Co., Ltd.)

New in version 7.0.6 / 6.1.6 (August 14th, 2014)

  • Addresses the following:
  • WebKit:
  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
  • CVE-ID: CVE-2014-1384, CVE-2014-1385, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390 (Apple), CVE-2014-1386 (an anonymous researcher), CVE-2014-1387 (Google Chrome Security Team)

New in version 7.0.5 / 6.1.5 (July 1st, 2014)

  • WebKit:
  • Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
  • CVE-ID:
  • CVE-2014-1325 : Apple
  • CVE-2014-1340 : Apple
  • CVE-2014-1362 : Apple, miaubiz
  • CVE-2014-1363 : Apple
  • CVE-2014-1364 : Apple
  • CVE-2014-1365 : Apple, Google Chrome Security Team
  • CVE-2014-1366 : Apple
  • CVE-2014-1367 : Apple
  • CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech)
  • CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung Electronics
  • WebKit:
  • Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
  • Impact: Dragging a URL from a maliciously crafted website to another window could lead to the disclosure of local file content
  • Description: Dragging a URL from a maliciously crafted website to another window could have allowed the malicious site to access a file:// URL. This issue was addressed through improved validation of dragged resources.
  • CVE-ID:
  • CVE-2014-1369 : Aaron Sigel of vtty.com
  • WebKit:
  • Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
  • Impact: A maliciously crafted website may be able to spoof its domain name in the address bar
  • Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs.
  • CVE-ID:
  • CVE-2014-1345 : Erling Ellingsen of Facebook

New in version 7.0.4 / 6.1.4 (May 22nd, 2014)

  • Addresses the following security issues:
  • WEBKIT:
  • Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
  • CVE-ID:
  • CVE-2013-2875 : miaubiz
  • CVE-2013-2927 : cloudfuzzer
  • CVE-2014-1323 : banty
  • CVE-2014-1324 : Google Chrome Security Team
  • CVE-2014-1326 : Apple
  • CVE-2014-1327 : Google Chrome Security Team, Apple
  • CVE-2014-1329 : Google Chrome Security Team
  • CVE-2014-1330 : Google Chrome Security Team
  • CVE-2014-1331 : cloudfuzzer
  • CVE-2014-1333 : Google Chrome Security Team
  • CVE-2014-1334 : Apple
  • CVE-2014-1335 : Google Chrome Security Team
  • CVE-2014-1336 : Apple
  • CVE-2014-1337 : Apple
  • CVE-2014-1338 : Google Chrome Security Team
  • CVE-2014-1339 : Atte Kettunen of OUSPG
  • CVE-2014-1341 : Google Chrome Security Team
  • CVE-2014-1342 : Apple
  • CVE-2014-1343 : Google Chrome Security Team
  • CVE-2014-1344 : Ian Beer of Google Project Zero
  • CVE-2014-1731 : an anonymous member of the Blink development community
  • WEBKIT:
  • Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
  • Impact: A malicious site can send messages to a connected frame or window in a way that might circumvent the receiver's origin check
  • Description: An encoding issue existed in the handling of unicode characters in URLs. A maliciously crafted URL could have led to sending an incorrect postMessage origin. This issue was addressed through improved encoding/decoding.
  • CVE-ID:
  • CVE-2014-1346 : Erling Ellingsen of Facebook

New in version 7.0.3 / 6.1.3 (April 2nd, 2014)

  • Fixes an issue that could cause the search and address field to load a webpage or send a search term before the return key is pressed
  • Improves credit card auto-fill with websites
  • Fixes an issue that could block receipt of push notifications from websites
  • Adds a preference to turn off push notification prompts from websites
  • Adds support for webpages with generic top-level domains
  • Strengthens Safari sandboxing
  • Fixes security issues, including several identified in recent security competitions:
  • WebKit:
  • Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2
  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
  • CVE-ID:
  • CVE-2013-2871 : miaubiz
  • CVE-2013-2926 : cloudfuzzer
  • CVE-2013-2928 : Google Chrome Security Team
  • CVE-2013-6625 : cloudfuzzer
  • CVE-2014-1289 : Apple
  • CVE-2014-1290 : ant4g0nist (SegFault) working with HP's Zero Day Initiative, Google Chrome Security Team
  • CVE-2014-1291 : Google Chrome Security Team
  • CVE-2014-1292 : Google Chrome Security Team
  • CVE-2014-1293 : Google Chrome Security Team
  • CVE-2014-1294 : Google Chrome Security Team
  • CVE-2014-1298 : Google Chrome Security Team
  • CVE-2014-1299 : Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics
  • CVE-2014-1300 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative
  • CVE-2014-1301 : Google Chrome Security Team
  • CVE-2014-1302 : Google Chrome Security Team, Apple
  • CVE-2014-1303 : KeenTeam working with HP's Zero Day Initiative
  • CVE-2014-1304 : Apple
  • CVE-2014-1305 : Apple
  • CVE-2014-1307 : Google Chrome Security Team
  • CVE-2014-1308 : Google Chrome Security Team
  • CVE-2014-1309 : cloudfuzzer
  • CVE-2014-1310 : Google Chrome Security Team
  • CVE-2014-1311 : Google Chrome Security Team
  • CVE-2014-1312 : Google Chrome Security Team
  • CVE-2014-1313 : Google Chrome Security Team
  • CVE-2014-1713 : VUPEN working with HP's Zero Day Initiative
  • WEBKIT:
  • Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2
  • Impact: An attacker running arbitrary code in the WebProcess may be able to read arbitrary files despite sandbox restrictions
  • Description: A logic issue existed in the handling of IPC messages from the WebProcess. This issue was addressed through additional validation of IPC messages.
  • CVE-ID:
  • CVE-2014-1297 : Ian Beer of Google Project Zero

New in version 7.0.2 / 6.1.2 (February 26th, 2014)

  • Addresses the following security issues:
  • WebKit:
  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
  • CVE-ID: Apple (CVE-2014-1268, CVE-2014-1269, CVE-2014-1270), cloudfuzzer (CVE-2013-6635)
  • Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.1
  • For OS X Mavericks systems, Safari 7.0.2 will be included in OS X Mavericks 10.9.2.
  • For OS X Mountain Lion systems Safari 6.1.2 may be obtained from Mac App Store.
  • For OS X Lion systems Safari 6.1.2 is available via the Apple Software Update application.

New in version 7.0.1 / 6.1.1 (December 17th, 2013)

  • SECURITY FIXES:
  • SAFARI:
  • Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9
  • Impact: User credentials may be disclosed to an unexpected site via autofill
  • Description: Safari may have autofilled user names and passwords into a subframe from a different domain than the main frame. This issue was addressed through improved origin tracking.
  • CVE-ID: CVE-2013-5227 - Niklas Malmgren of Klarna AB
  • WEBKIT:
  • Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9
  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
  • CVE-ID: Atte Kettunen of OUSPG (CVE-2013-2909), Apple (CVE-2013-5195, CVE-2013-5198, CVE-2013-5199), Google Chrome Security Team (CVE-2013-5196, CVE-2013-5197, CVE-2013-5225), Keen Team (@K33nTeam) working with HP's Zero Day Initiative (CVE-2013-5228).

New in version 7.0 / 6.1 (October 23rd, 2013)

  • NEW FEATURES:
  • Shared Links: See links shared by people you follow on Twitter.
  • Sidebar: See your Bookmarks, Reading List, and Shared Links in one convenient place.
  • One-click bookmarking: Just click the (+) button to the left of the Smart Search Field to add a webpage to your Reading List. Click and hold to add it to the Favorites Bar or to your Bookmarks.
  • Safari Power Saver: Increase energy efficiency by playing only the plug-in content you want to see.
  • Third-party data blocking: By default, Safari blocks third-party websites from leaving cookies and other types of data that could be used to track your browsing.
  • Built-in Yandex Search: Leading Russian search engine Yandex is now an option for Russian users.
  • SECURITY FIXES:
  • SAFARI:
  • Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5
  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue existed in the handling of XML files. This issue was addressed through additional bounds checking.
  • CVE-ID: CVE-2013-1036: Kai Lu of Fortinet's FortiGuard Labs
  • WEBKIT:
  • Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.3
  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
  • CVE-ID: Google Chrome Security Team (CVE-2013-1037, CVE-2013-1038, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1045, CVE-2013-1046, CVE-2013-5125, CVE-2013-5127), miaubiz (CVE-2013-1047), Cyril Cattiaux (CVE-2013-2842), Apple (CVE-2013-5128, CVE-2013-1044, CVE-2013-5126), own-hero Research working with iDefense VCP (CVE-2013-1039)
  • WEBKIT:
  • Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5
  • Impact: Visiting a maliciously crafted website may lead to an information disclosure
  • Description: An information disclosure issue existed in XSSAuditor. This issue was addressed through improved handling of URLs.
  • CVE-ID: CVE-2013-2848: Egor Homakov
  • WEBKIT:
  • Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5
  • Impact: Dragging or pasting a selection may lead to a cross-site scripting attack
  • Description: Dragging or pasting a selection from one site to another may allow scripts contained in the selection to be executed in the context of the new site. This issue is addressed through additional validation of content before a paste or a drag and drop operation.
  • CVE-ID: CVE-2013-5129: Mario Heiderich
  • WEBKIT:
  • Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5
  • Impact: Using the Web Inspector disabled Private Browsing
  • Description: Using the Web Inspector disabled Private Browsing without warning. This issue was addressed by improved state management.
  • CVE-ID: CVE-2013-5130: Laszlo Varady of Eotvos Lorand University
  • WEBKIT:
  • Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5
  • Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack
  • Description: A cross-site scripting issue existed in the handling of URLs. This issue was addressed through improved origin tracking.
  • CVE-ID: CVE-2013-5131: Erling A Ellingsen

New in version 6.0.5 (June 5th, 2013)

  • Safari 6.0.5 is now available and addresses the following:
  • Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
  • A cross-site scripting issue existed in the handling of iframes. This issue was addressed through improved origin tracking.
  • A cross-site scripting issue existed in the handling of copied and pasted data in HTML documents. This issue was addressed through additional validation of pasted content.
  • XSS Auditor may rewrite URLs to prevent cross-site scripting attacks. This may lead to a malicious alteration of the behavior of a form submission. This issue was addressed through improved validation of URLs.

New in version 6.0.4 (April 17th, 2013)

  • Safari 6.0.4 is now available and addresses the following:
  • CVE-2013-0912 : Nils and Jon from MWR Labs working with HP TippingPoint's Zero Day Initiative
  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: An invalid cast issue existed in the handling of SVG files. This issue was addressed through improved type checking.

New in version 6.0.3 (March 15th, 2013)

  • HIGHLIGHTS:
  • Improves scrolling on facebook.com
  • Improves scrolling while zoomed in on a webpage
  • Improves performance on webpages with plug-in content
  • A fix for an issue that could cause the inaccurate appearance of an alert that bookmarks can't be changed
  • A fix for an issue that could cause duplicate bookmarks to appear on an iOS device after editing bookmarks with Safari in OS X
  • A fix for an issue that permitted users to access unfiltered search results when searching from google.com when Parental Controls are enabled
  • A fix for an issue that could prevent Safari from restoring the last position on a webpage a user navigated back to
  • ADDS FIXES FOR THE FOLLOWING SECURITY ISSUES:
  • WEBKIT:
  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
  • CVE-ID:
  • CVE-2012-2824 : miaubiz
  • CVE-2012-2857 : Arthur Gerkis
  • CVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security Team
  • CVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security Team
  • CVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security Team
  • CVE-2013-0951 : Apple
  • CVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security Team
  • CVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security Team
  • CVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the Google Chrome Security Team
  • CVE-2013-0955 : Apple
  • CVE-2013-0956 : Apple Product Security
  • CVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security Team
  • CVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security Team
  • CVE-2013-0960 : Apple
  • CVE-2013-0961 : wushi of team509 working with iDefense VCP
  • WEBKIT:
  • Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack
  • Description: A cross-site scripting issue existed in the handling of frame elements. This issue was addressed through improved origin tracking.
  • CVE-ID:
  • CVE-2012-2889 : Sergey Glazunov
  • WEBKIT:
  • Impact: Copying and pasting content on a malicious website may lead to a cross-site scripting attack
  • Description: A cross-site scripting issue existed in the handling of content pasted from a different origin. This issue was addressed through additional validation of pasted content.
  • CVE-ID:
  • CVE-2013-0962 : Mario Heiderich of Cure53

New in version 6.0.2 (November 2nd, 2012)

  • Adds fixes for the following security issues:
  • WebKit CVE-2012-3748 (Joost Pol and Daan Keuper of Certified Secure working with HP TippingPoint's Zero Day Initiative):
  • Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.2
  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: A time of check to time of use issue existed in the handling of JavaScript arrays. This issue was addressed through additional validation of JavaScript arrays.
  • WebKit CVE-2012-5112 (Pinkie Pie working with Google's Pwnium 2 contest):
  • Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.2
  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: A use after free issue existed in the handling of SVG images. This issue was addressed through improved memory handling.

New in version 5.1.7 (May 9th, 2012)

  • Improve the browser's responsiveness when the system is low on memory
  • Fix an issue that could prevent webpages from responding after using a pinch to zoom gesture
  • Fix an issue that could affect websites using forms to authenticate users
  • Disable versions of Adobe Flash Player that do not include the latest security updates and provide the option to get the current version from Adobe's website.

New in version 5.1.5 (March 27th, 2012)

  • LION:
  • Safari 5.1.5 contains a fix for an issue that could affect website usability when running Safari in 32-bit mode.
  • SNOW LEOPARD:
  • Safari 5.1.5 contains improvements to usability and stability, including changes that:
  • Fix an issue that could affect website usability when running Safari in 32-bit mode
  • Fix an issue that could affect the stability of Software Update on Mac OS X Server v10.6.8

New in version 5.1.4 (March 13th, 2012)

  • LION:
  • Improve JavaScript performance
  • Improve responsiveness when typing into the search field after changing network configurations or with an intermittent network connection
  • Address an issue that could cause webpages to flash white when switching between Safari windows
  • Address issues that prevented printing U.S. Postal Service shipping labels and embedded PDFs
  • Preserve links in PDFs saved from webpages
  • Fix an issue that could make Flash content appear incomplete after using gesture zooming
  • Fix an issue that could cause the screen to dim while watching HTML5 video
  • Improve stability, compatibility and startup time when using extensions
  • Allow cookies set during regular browsing to be available after using Private Browsing
  • Fix an issue that could cause some data to be left behind after pressing the “Remove All Website Data” button
  • SNOW LEOPARD:
  • Improve responsiveness when typing into the search field after changing network configurations or with an intermittent network connection
  • Address an issue that could cause webpages to flash white when switching between Safari windows
  • Address issues that prevented printing U.S. Postal Service shipping labels and embedded PDFs
  • Preserve links in PDFs saved from webpages
  • Correct the contents of context menus on webpages that are PDFs
  • Fix an issue that could cause the screen to dim while watching HTML5 video
  • Improve stability, compatibility and startup time when using extensions
  • Allow cookies set during regular browsing to be available after using Private Browsing
  • Fix an issue that could cause some data to be left behind after pressing the “Remove All Website Data” button

New in version 5.1.2 (November 30th, 2011)

  • Improve stability
  • Address issues that could cause hangs and excessive memory usage
  • Address issues that could cause webpages to flash white
  • Allow PDFs to be displayed within web content

New in version 5.1.1 (October 12th, 2011)

  • Improve JavaScript performance up to 13% over Safari 5.1
  • Address issues that could cause hangs and excessive memory usage
  • Improve stability when using Find, dragging tabs, and managing extensions
  • Improve stability for netflix.com and other websites that use the Silverlight plug-in
  • Address an issue that could prevent East Asian character input into webpages with Flash content
  • Address an issue that could cause History items to appear incorrectly
  • Improve printing from Safari
  • Address an issue that could prevent the Google Safe Browsing Service from updating

New in version 5.1 (July 20th, 2011)

  • New features:
  • Reading List: Easily add webpages and links to your Reading List to browse when you have time.
  • New Process Architecture: Safari has been re-engineered for improved stability and responsiveness.
  • Resume: In the General pane of Safari preferences, you can now choose to launch Safari with the windows from your last browsing session.
  • Better Privacy: A new Privacy pane in Safari preferences makes it easy to remove data that websites can leave on your system.
  • Other improvements:
  • Private AutoFill: Safari lets you fill out forms quickly while keeping your personal information private.
  • Find Option: When you use Find, you can choose whether you want to search for text that contains or starts with the text that you type in the search field.
  • Drag-and-drop Downloads: You can drag items out of the Downloads window in Safari, so you can easily place downloaded files on the Desktop.
  • Advanced Web Technologies: Safari introduces support for full-screen webpages, media caching with the HTML5 application cache, MathML, Web Open Font Format, CSS3 Auto-hyphenation, CSS3 Vertical Text, CSS3 Text Emphasis, Window.onError, and Formatted XML files.
  • New Extension APIs: Developers can take advantage of new Safari Extension support for popovers, menus, new event classes, and interaction with Reader.

New in version 5.0.6 (July 20th, 2011)

  • Stability improvements for web applications that use WebSocket with certain proxy configurations
  • Improvements to the appearance and layout of text with HTML5 ruby annotations
  • A fix for an issue that could cause elements in frames to appear in the wrong place on pandora.com and other websites

New in version 5.0.5 (April 15th, 2011)

  • WebKit:
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.5 or later, Mac OS X Server v10.6.5 or later, Windows 7, Vista, XP SP2 or later
  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: An integer overflow issue existed in the handling of nodesets. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
  • CVE-ID: CVE-2011-1290 : Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann working with TippingPoint's Zero Day Initiative
  • WebKit:
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.5 or later, Mac OS X Server v10.6.5 or later, Windows 7, Vista, XP SP2 or later
  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: A use after free issue existed in the handling of text nodes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
  • CVE-ID: CVE-2011-1344 : Vupen Security working with TippingPoint's Zero Day Initiative, and Martin Barbella

New in version 5.0.4 (March 9th, 2011)

  • Improved stability for webpages with multiple instances of plug-in content
  • Improved compatibility with webpages with image reflections and transition effects
  • A fix for an issue that could cause some webpages to print with incorrect layouts
  • A fix for an issue that could cause content to display incorrectly on webpages with plug-ins
  • A fix for an issue that could cause a Screen Saver to appear while video is playing in Safari
  • Improved compatibility with VoiceOver on webpages with text input areas and lists with selectable items
  • Improved stability when using VoiceOver

New in version 5.0.3 (November 18th, 2010)

  • More accurate Top Hit results in the Address Field
  • More accurate results in Top Sites
  • Fixes an issue that could cause content delivered with the Flash 10.1 plug-in to overlap webpage content
  • More reliable pop-up blocking
  • Improved stability when typing into search and text input fields on www.netflix.com and www.facebook.com
  • Improved stability when using JavaScript-intensive extensions
  • Improved stability when using VoiceOver with Safari

New in version 4.1.3 (November 18th, 2010)

  • More accurate Top Hit results in the Address Field
  • More accurate results in Top Sites
  • Fixes an issue that could cause content delivered with the Flash 10.1 plug-in to overlap webpage content
  • More reliable pop-up blocking
  • Improved stability when typing into search and text input fields on www.netflix.com and www.facebook.com
  • Improved stability when using VoiceOver with Safari

New in version 5.0.2 (September 8th, 2010)

  • Fixes an issue that could prevent users from submitting web forms
  • Fixes an issue that could cause web content to display incorrectly when viewing a Google Image result with Flash 10.1 installed
  • Establishes an encrypted, authenticated connection to the Safari Extensions Gallery

New in version 4.1.2 (September 8th, 2010)

  • Fixes an issue that could prevent users from submitting web forms

New in version 5.0.1 (July 28th, 2010)

  • More accurate Top Hit results in the Address Field
  • More accurate timing for CSS animations
  • Better stability when using the Safari Reader keyboard shortcut
  • Better stability when scrolling through MobileMe Mail
  • Fixes display of multipage articles from www.rollingstone.com in Safari Reader
  • Fixes an issue that prevented Google Wave and other websites using JavaScript encryption libraries from working correctly on 32-bit systems
  • Fixes an issue that prevented Safari from launching on Leopard systems with network home directories
  • Fixes an issue that could cause borders on YouTube thumbnails to disappear when hovering over the thumbnail image
  • Fixes an issue that could cause Flash content to overlap with other content on www.facebook.com, www.crateandbarrel.com, and other sites when using Flash 10.1
  • Fixes an issue that prevented boarding passes from www.aa.com from printing correctly
  • Fixes an issue that could cause DNS prefetching requests to overburden certain routers
  • Fixes an issue that could cause VoiceOver to misidentify elements of webpages

New in version 5.0 (June 8th, 2010)

  • This update contains new features including:
  • Safari Reader: Click on the new Reader icon to view articles on the web in a single, clutter-free page.
  • Improved Performance: Safari 5 executes JavaScript up to 25% faster than Safari 4. Better page caching and DNS prefetching speed up browsing.
  • Bing Search Option: New Bing search option for Safari's Search Field, in addition to Google and Yahoo!.
  • Improved HTML5 support: Safari supports over a dozen new HTML5 features, including Geolocation, full screen for HTML5 video, closed captions for HTML5 video, new sectioning elements (article, aside, footer, header, hgroup, nav and section), HTML5 AJAX History, EventSource, WebSocket, HTML5 draggable attribute, HTML5 forms validation, and HTML5 Ruby.
  • Safari Developer Tools: A new Timeline Panel in the Web Inspector shows how Safari interacts with a website and identifies areas for optimization. New keyboard shortcuts make it faster to switch between panels.
  • Other improvements include:
  • Smarter Address Field: The Smart Address Field can now match text against the titles of webpages in History and Bookmarks, as well as any part of their URL.
  • Tabs Setting: Automatically open new webpages in tabs instead of in separate windows.
  • Hardware Acceleration for Windows: Use the power of the computer's graphics processor to smoothly display media and effects on PC as well as Mac.
  • Search History with Date: A new date indicator in Full History Search shows when webpages were viewed.
  • Top Sites/History Button: Switch easily between Top Sites and Full History Search with a new button that appears at the top of each view.
  • Private Browsing Icon: A “Private” icon appears in the Smart Address Field when Private Browsing is on. Click on the icon to turn off Private Browsing.
  • DNS Prefetching: Safari looks up the addresses of links on webpages and can load those pages faster.
  • Improved Page Caching: Safari can add additional types of webpages to the cache so they load quickly.
  • XSS Auditor: Safari can filter potentially malicious scripts used in cross-site scripting (XSS) attacks.
  • Improved JavaScript Support: Safari allows web applications that use JavaScript Object Notation (JSON) to run faster and more securely.

New in version 4.0.5 (March 12th, 2010)

  • This update is recommended for all Safari users and includes improvements to performance, stability, and security including:
  • Performance improvements for Top Sites
  • Stability improvements for 3rd-party plug-ins
  • Stability improvements for websites with online forms and Scalable Vector Graphics
  • Fixes an issue that prevented Safari from changing settings on some Linksys routers

New in version 4.0.4 (November 11th, 2009)

  • Improved JavaScript performance
  • Improved Full History Search performance for users with a large number of history items
  • Stability improvements for 3rd-party plug-ins, the search field and Yahoo! Mail

New in version 4.0.3 (August 12th, 2009)

  • Stability improvements for webpages that use the HTML 5 video tag.
  • Stability improvements for 3rd-party plug-ins.
  • Stability improvements for Top Sites.
  • Fixes an issue that prevented some users from logging into iWork.com
  • Fixes an issue that could cause web content to be displayed in greyscale instead of color.

New in version 4.0.2 (July 8th, 2009)

  • Recommended for all Safari users. Improves the stability of the Nitro JavaScript engine and includes the latest compatibility and security fixes.

New in version 4.0.1 (June 18th, 2009)

  • This update addresses incompatibilities between Safari 4.0 and certain features in iPhoto '09, including Places and Facebook publishing.

New in version 4.0 (June 8th, 2009)

  • Now, with Safari 4, you can choose your favorite sites from a stunning wall of graphical previews with Top Sites.
  • Flip through websites as easily as you flip through albums in iTunes with Cover Flow. Easily retrieve sites you've seen before with Full History Search.

New in version 3.2.3 (May 13th, 2009)

  • libxml - Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: A heap buffer overflow exists in libxml's handling of long entity names. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue is addressed in Safari 3.2.3.
  • Safari - Impact: Accessing a maliciously crafted "feed:" URL may lead to arbitrary code execution
  • Description: Multiple input validation issues exist in Safari's handling of "feed:" URLs. Accessing a maliciously crafted "feed:" URL may lead to the execution of arbitrary JavaScript. This update addresses the issues by performing additional validation of "feed:" URLs. These issues do not affect systems prior to Mac OS X v10.5. These issues are addressed in Safari 3.2.3. Credit to Billy Rios of Microsoft Vulnerability Research (MSVR), and Alfredo Melloni for reporting these issues.
  • WebKit - Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
  • Description: A memory corruption issue exists in WebKit's handling of SVGList objects. Visiting a maliciously crafted website may lead to arbitrary code execution. This update addresses the issue through improved bounds checking. This issue is addressed in Safari 3.2.3. Credit to Nils working with TippingPoint's Zero Day Initiative for reporting this issue.

New in version 4 Beta (February 24th, 2009)

  • Top Sites, a display of frequently visited pages in a stunning wall of previews so users can jump to their favorite sites with a single click;
  • Full History Search, where users search through titles, web addresses and the complete text of recently viewed pages to easily return to sites they've seen before;
  • Cover Flow, to make searching web history or bookmarks as fun and easy as paging through album art in iTunes(R);
  • Tabs on Top, for better tabbed browsing with easy drag-and-drop tab management tools and an intuitive button for opening new ones;
  • Smart Address Field, that automatically completes web addresses by displaying an easy-to-read list of suggestions from Top Sites, bookmarks and browsing history;
  • Smart Search Field, where users fine-tune searches with recommendations from Google Suggest or a list of recent searches;
  • Full Page Zoom, for a closer look at any website without degrading the quality of the site's layout and text;
  • Built-in web developer tools to debug, tweak and optimize a website for peak performance and compatibility.

New in version 3.2.1 (November 25th, 2008)

  • This update includes stability improvements and is recommended for all Safari users.

New in version 3.2 (November 14th, 2008)

  • Available for: Windows XP or Vista
  • Impact: Multiple vulnerabilities in zlib 1.2.2
  • Description: Multiple vulnerabilities exist in zlib 1.2.2, the most serious of which may lead to a denial of service. This update addresses the issues by updating to zlib 1.2.3. These issues do not affect Mac OS X systems. Credit to Robbie Joosten of bioinformatics@school, and David Gunnells of the University of Alabama at Birmingham for reporting these issues.
  • CVE-ID: CVE-2008-1767
  • Available for: Windows XP or Vista
  • Impact: Processing an XML document may lead to an unexpected application termination or arbitrary code execution
  • Description: A heap buffer overflow issue exists in the libxslt library. Viewing a maliciously crafted HTML page may lead to an unexpected application termination or arbitrary code execution. Further information on the patch applied is available via http://xmlsoft.org/XSLT/. This issue does not affect Mac OS X systems that have applied Security Update 2008-007. Credit to Anthony de Almeida Lopes of Outpost24 AB, and Chris Evans of the Google Security Team for reporting this issue.
  • CVE-ID: CVE-2008-3623
  • Available for: Windows XP or Vista
  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: A heap buffer overflow exists in CoreGraphics' handling of color spaces. Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.
  • CVE-ID: CVE-2008-2327
  • Available for: Windows XP or Vista
  • Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution
  • Description: Multiple uninitialized memory access issues exist in libTIFF's handling of LZW-encoded TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through proper memory initialization and additional validation of TIFF images. This issue is addressed in systems running Mac OS X v10.5.5 or later, and in Mac OS X v10.4.11 systems that have applied Security Update 2008-006. Credit: Apple.
  • CVE-ID: CVE-2008-2332
  • Available for: Windows XP or Vista
  • Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue exists in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved processing of TIFF images. This issue is addressed in systems running Mac OS X v10.5.5 or later, and in Mac OS X v10.4.11 systems that have applied Security Update 2008-006. Credit to Robert Swiecki of the Google Security Team for reporting this issue.
  • CVE-ID: CVE-2008-3608
  • Available for: Windows XP or Vista
  • Impact: Viewing a large maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue exists in ImageIO's handling of embedded ICC profiles in JPEG images. Viewing a large maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved processing of ICC profiles. This issue is addressed in systems running Mac OS X v10.5.5 or later, and in Mac OS X v10.4.11 systems that have applied Security Update 2008-006. Credit: Apple.
  • CVE-ID: CVE-2008-3642
  • Available for: Windows XP or Vista
  • Impact: Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution
  • Description: A buffer overflow exists in the handling of images with an embedded ICC profile. Opening a maliciously crafted image with an embedded ICC profile may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of ICC profiles in images. This issue does not affect Mac OS X systems that have applied Security Update 2008-007. Credit: Apple.
  • CVE-ID: CVE-2008-3644
  • Available for: Mac OS X v10.4.11, Mac OS X v10.5.5, Windows XP or Vista
  • Impact: Sensitive information may be disclosed to a local console user
  • Description: Disabling autocomplete on a form field may not prevent the data in the field from being stored in the browser page cache. This may lead to the disclosure of sensitive information to a local user. This update addresses the issue by properly clearing the form data. Credit to an anonymous researcher for reporting this issue.
  • CVE-ID: CVE-2008-2303
  • Available for: Mac OS X v10.4.11, Mac OS X v10.5.5, Windows XP or Vista
  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: A signedness issue in Safari's handling of JavaScript array indices may result in an out-of-bounds memory access. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript array indices. Credit to SkyLined of Google for reporting this issue.
  • CVE-ID: CVE-2008-2317
  • Available for: Mac OS X v10.4.11, Mac OS X v10.5.5, Windows XP or Vista
  • Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue exists in WebCore's handling of style sheet elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved garbage collection. Credit to an anonymous researcher working with the TippingPoint Zero Day Initiative for reporting this issue.
  • CVE-ID: CVE-2008-4216
  • Available for: Mac OS X v10.4.11, Mac OS X v10.5.5, Windows XP or Vista
  • Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information
  • Description: WebKit's plug-in interface does not block plug-ins from launching local URLs. Visiting a maliciously crafted website may allow a remote attacker to launch local files in Safari, which may lead to the disclosure of sensitive information. This update addresses the issue by restricting the types of URLs that may be launched via the plug-in interface. Credit to Billy Rios of Microsoft, and Nitesh Dhanjani of Ernst & Young for reporting this issue.

New in version 3.1.1 (April 17th, 2008)

  • A timing issue in Safari 3.1 allows a web page to change the contents of the address bar without loading the contents of the corresponding page. This could be used to spoof the contents of a legitimate site, allowing user credentials or other information to be gathered. This issue was addressed in Safari Beta 3.0.2, but reintroduced in Safari 3.1. This update addresses the issue by restoring the address bar contents if a request for a new web page is terminated. This issue does not affect Mac OS X systems. Available for: Windows XP or Vista.
  • A memory corruption issue exists in Safari's file downloading. By enticing a user to download a file with a maliciously crafted name, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of file downloads. This issue does not affect Mac OS X systems. Available for: Windows XP or Vista.
  • An issue exists in WebKit's handling of URLs containing a colon character in the host name. Opening a maliciously crafted URL may lead to a cross-site scripting attack. This update addresses the issue through improved handling of URLs. Credit to Robert Swiecki of Google Information Security Team and David Bloom for reporting this issue. Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista.
  • A heap buffer overflow exists in WebKit's handling of JavaScript regular expressions. The issue may be triggered via JavaScript when processing regular expressions with large, nested repetition counts. This may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller for reporting these issues. Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista.

New in version 3.1 (March 18th, 2008)

  • Improves JavaScript performance
  • Adds support for CSS 3 web fonts
  • Adds support for CSS transforms and transitions
  • Adds support for HTML 5 and elements
  • Adds support for offline storage for Web applications in SQL databases
  • Adds support for SVG images in IMG elements and CSS images
  • Adds support for SVG advanced text
  • Improves Back/Forward performance
  • Supports signed Java applets
  • Shows Caps Lock icon in password fields
  • Adds support for showModalDialog
  • Localized in 16 languages
  • Adds support for International Domain Names
  • Improves handling of Japanese, Chinese, and Korean text
  • Contextual menu now allows opening a link in a window or tab
  • Improves pop-up blocking to work with plug-ins
  • Increases site compatibility
  • Improves application stability
  • Adds option in Safari preferences to turn on the new Develop menu which contains various web development features
  • Allows access to Web Inspector
  • Allows access to Network Timeline
  • Allows editing CSS in the Web Inspector
  • Allows custom user agent string
  • Improves snippet editor
  • Double clicking on the Tab Bar opens new tab
  • Includes URL metadata when images are dragged or saved from browser
  • Opens Download and Activity window in current Space
  • Supports trackpad gestures for back, forward, and magnify on MacBook Air and compatible MacBook Pro computers