Leopard webkit.
3/21/2023

Although Leopard WebKit at least fixes the problems with WebKit proper, it cannot defend against a deficiency in, say, NSURL, and if one were discovered then you would be vulnerable if you use Safari or any other application accessing the network in that manner, even if you have Leopard WebKit installed. Every time you update TenFourFox (and for that matter SeaMonkeyPPC), you get an updated network library, current security certificates and an up-to-date SSL implementation. Safari, for example, is precisely in this situation; WebKit does not implement SSL per se, and certainly not in the way that Mozilla does. I think this bears repeating, because anything that uses the operating system libraries to securely access the network could be vulnerable to other security flaws. It's in the operating system security library. That said, you will notice that the error isn't actually in WebKit. Fortunately, the error was newly introduced in 10.9 and earlier versions of OS X are not vulnerable - you can prove that with this test site, appropriately named, which tries to trigger the bug. This is a severe flaw and greatly facilitates man-in-the-middle SSL attacks.

Apple has fixed this in iOS, but to date they have not fixed it in OS X. Because of the nature of the SSL failure, you can't prove that the server possesses the certificate's private key matching the public key it advertised in the handshake.

iCab

Another minority browser probably not worth supporting.

Apple apparently created a major bug in the OS X SSL stack in 10.9, a one-line error that causes certain kinds of SSL handshakes to never fail.

For the time being I won’t be making any effort to auto-detect the visitor’s operating system for users running Opera. Quite popular on other platforms, Opera for Mac OS X is much less important, numerically speaking. Not updated in years, this browser is now so old that it’s probably not worth considering.
As far as I know, Firefox runs on any version of Mac OS X from Jaguar and up, so there is no easy way to detect the operating system based solely on the version number, although if the user agent string indicates an Intel processor then we know that the visitor is running at least Tiger. Its native sibling, Camino, is also powered by the Gecko rendering engine and has a sizeable minority following.

Gecko-based browsers

After the WebKit-based browsers, Firefox is probably the most popular. Needless to say, these user agent strings should only ever be taken as advisory, not definitive, and you should always offer your users alternative choices in the event that the auto-detected default turns out to be something other than what they want. So checking the WebKit version number in the user agent string will provide a reliable way of determining the visitor OS version for people running Safari and may also work for other browsers that use WebKit, such as OmniWeb.

Leopard numbers are not yet available (as of March 2007).
Tiger corresponds to Safari versions 2.0 through 2.0.4, WebKit versions 412 through 419.
Panther corresponds to Safari versions 1.1 through 1.3.2, WebKit versions 100 through 312.8.1.
Jaguar corresponds to Safari versions 1.0 through 1.0.3, WebKit versions 85.7 through 85.8.5.

It turns out that browser and operating system detection based on user agent strings is a bit of a minefield, but thanks to this handy page maintained by Apple, determining visitor OS version is relatively straightforward for WebKit-based browsers. You’ll notice this kind of customization if you try to download QuickTime or iTunes from Apple (which tries to offer you the appropriate download for your platform), or Firefox from Mozilla (which additionally tries to offer you the appropriate language variant).
To minimize the complexity for customers I want my download page to make a best guess at what operating system they are running and offer the appropriate download as the top choice. So with the release of Leopard I am finally going to branch and offer multiple versions of my products, with each branch being tied to a particular minimum version of Mac OS X. This brings with it a certain simplicity (users don’t have to care about which version to download and install) but it comes at a cost (tying your application to older versions of the operating system can make it difficult or even impossible to use newer APIs). In the past I’ve always offered a single version of my software products that runs on as many versions of Mac OS X as possible.