App developer Craig Hockenberry has published an article today titled “in-app browsers considered harmful” warning both devs and users of security issues related to apps that take advantage of the feature. “Would it surprise you to know that every one of those apps could eavesdrop on your typing? Even when it’s in a secure login screen with a password field?” expand full story

Apple today has released new versions of Safari for OS X Lion/Mountain Lion and OS X Mavericks that address security and WebKit issues. The Safari 6.1.6 update for the older versions of OS X and Safari 7.0.6 update for the latest OS X are available in Software Update on the Mac App Store. Here are the release notes from Apple’s support page:

expand full story

Slightly ahead of the keynote later today, Apple has pushed some of its new APIs for developers into the open-source channels. The class in question is a new view that appears to replace the current iOS and OS X WebKit implementations, which enables apps to show webpages and other content inline.

The new framework seems to indicate a focus on cross-platform API compatibility, between iOS and OS X. The leaked framework seems to be fully feature-compatible across platforms. This differs to the situation today, where developers must use the ‘WebView’ class for OS X and ‘UIWebView’ for iOS. This should help developers write more reusable code.

expand full story

As usual, the annual Pwn2Own contest featured many hackers targeting the latest operating systems and browsers from the major vendors, including Apple. Threatpost reports that the “Keen Team” focused Safari on Thursday and exploited it with relative ease.

The team took home a $40,000 bounty for their efforts on Safari, as well as a share in a $75,000 prize for co-engineering a zero-day Flash exploit. They say they will donate some of their winnings towards charities representing missing Malaysian Airplane passengers.

The group say that for Safari, they used two different exploit vectors. One vulnerability was a heap overflow in WebKit that enabled arbitrary code execution. The team then used this opening to use another exploit to bypass the application sandbox and run code as if it was user privileged.

expand full story

UPDATE [Monday, September 12, 2011 at 3:30pm ET]: Dolphin Browser HD for iPad just went live on the App Store.

Most Android users are quite familiar with the third-party Dolphin Browser app, which has been downloaded over 9 million times and according to TechCrunch just raised $10 million from Sequoia Capital. It appears some of that investment will go towards the company’s efforts on iOS devices as well, as an official iOS version of the browser has just popped up in the App Store.

The iOS version brings over the majority of features that have made Dolphin so popular among Android users. Among them is highly customizable gestures, built-in translations, dock-like sidebar for accessing bookmarks, speed dial, tabbed browsing, and more. Don’t be fooled, however, Dolphin is still based on Apple’s own WebKit, much the same as the default Safari app, all other third-party browsers on the App Store, and the majority of browsers in the smartphone industry. It does have some competitors such as Opera and a handful of smaller players like SkyFire who are starting to gain traction and steadily improving their iOS offerings. expand full story