Gonna hold off for now. It could be utilized for a jailbreak. (I got an iPhone SE 2020.)
 
There are actually two vulnerabilities here - one in WebKit (CVE-2022-32893) and one in the kernel (CVE-2022-32894) ...
Google Blink is forked from WebKit Core, and M$ uses Blink .... question is, does CVE-2022-32893 relate to WebKit Core?
 
While the security fixes are always important and appreciated, I’ve moved to Edge, which works far, far better than Safari has been lately on my M1 fleet.
Yup - but don't forget there is also a new kernel vulnerability as well as the WebKit flaw. And Edge is based on Google's Blink, which is a fork of WebKit Core.
 
I have Catalina and no Software update on system preferences yet. Safari is still showing 15.6 here.
I updated to 15.6.1 yesterday on a Mac running Catalina. I had to click on Software Update in System Preferences like 4 or 5 times before the update showed up.

 
Why does Safari always have to be updated with iOS update? Can't they just patch flaws independently?
Different things here.

The update in question fixes a WebKit vulnerability. WebKit is used by many apps, not just Safari.

Traditionally, Apple have indeed bundled Safari and other core apps in with other iOS updates, possibly because it's the simplest approach. I believe that from iOS 16 onwards, they will be making updates far more granular. That is, updates can be smaller and distributed more quickly.
 
And if our devices are so old that they can't reach those OS versions, we're supposed to just not use them anymore, right? It sounds like a sarcastic question, but is that actually, in the grand scheme of security, what we're supposed to be doing?
Dispose of them, or repurpose them to a non-sensitive task. If your iPhone is no longer getting security updates, I wouldn't trust it for daily online use. You're open to many avenues of risk.

Personally, I use my old ones for GPS with downloaded offline maps dash mounted in the car or on the bike, or as lap data recorders on my race bike. If someone accesses my laptimes or my route for a recent trip it isn't a worry. I'm not even signed into iCloud on those devices.
Then you do what I did with my 2012 Mac Mini. You install Ubuntu 22.04 which can be made to look like macOS. It's free and is based on long term service.
Mine's an ESXi host running a variety of different virtual machines. They make good Scrypted or Homebridge hubs in that use.
 
It's "disagreeing," not disliking. And probably because you can't really not use Safari on iOS/iPadOS. If you're macOS only, then you have been wrongfully disagreed with. 😉
Yeah so my point stands I'm being wrongfully disagreed with lmao. God the Tolerant MacRumors forums when you tell other Mac users you don't use Safari.
 
While the security fixes are always important and appreciated, I’ve moved to Edge, which works far, far better than Safari has been lately on my M1 fleet.
I have Microsoft Edge on all my Macs and use it constantly; however, Microsoft tends to throw in surprise features that I end up taking my time to disable one by one. Still loving Firefox here, and Safari remains my primary browser, especially with the integrated iCloud password.
 
While the security fixes are always important and appreciated, I’ve moved to Edge, which works far, far better than Safari has been lately on my M1 fleet.

I try to use stock apps as much as possible, and that includes Safari… but recently I was forced once again to switch to Edge and Chrome: a web app I rely on for a project cannot run on Safari.

…And btw, I use stock apps not because I think they are better or I believe Apple’s privacy BS, I use them because they use less battery and are much better at RAM management.
 
And if our devices are so old that they can't reach those OS versions, we're supposed to just not use them anymore, right? It sounds like a sarcastic question, but is that actually, in the grand scheme of security, what we're supposed to be doing?

The alternative is to pay a software maintenance fee, usually several thousand dollars a year. That’s how it works in professional fields.
 
And if our devices are so old that they can't reach those OS versions, we're supposed to just not use them anymore, right? It sounds like a sarcastic question, but is that actually, in the grand scheme of security, what we're supposed to be doing?
Join the millions of us who use Firefox ... That's a solution for macOS, at least. With an iOS or iPadOS device, you're SOL because of Apple's arrogant lie stating that preventing other browser engines is somehow (hands waving) "safer".

Sure, it's safer... to their bottom line.
 
And if our devices are so old that they can't reach those OS versions, we're supposed to just not use them anymore, right? It sounds like a sarcastic question, but is that actually, in the grand scheme of security, what we're supposed to be doing?
Perhaps the exploit isn't even possible on older devices anyway.
 
And if our devices are so old that they can't reach those OS versions, we're supposed to just not use them anymore, right? It sounds like a sarcastic question, but is that actually, in the grand scheme of security, what we're supposed to be doing?
That depends on the platform. I have a 2009 Mac Pro with a patched version of Catalina installed, and I got an update for Safari this morning. I have received Safari updates on this Mac before today, so semi-regular Safari updates.

Granted, Safari is about the only thing (outside of other apps) that I will get an update for, since patched Catalina updates ended a while ago (since the patched Catalina is not supported by Apple).
 
Why in the first place, does Safari have kernel privileges? .....other browsers don't.
Personally, I'm deferring the update until I see actual reports of compromised phones from actual iOS users.
 
Why in the first place, does Safari have kernel privileges? .....other browsers don't.
Personally, I'm deferring the update until I see actual reports of compromised phones from actual iOS users.
I wouldn't expect many reports, I don't see how you'd know if a device was compromised or not.
 
Kind Reminder: All browsers on iOS ***must*** use WebKit...

Apple should finally pull their heads out of their a.... and allow 3rd party engines!

Every 2nd severe issue on iOS seems to be using WebKit vulnerabilities... If we could use a 3rd party browser with a fully sandboxed non-WebKit engine this could be easily circumvented... in the current situation, however, every app displaying web-content is a potential security nightmare.
 
So over the last week or so, before the update, Safari can become unresponsive. The day before, I had to quit the app on my iMac; I tried clicking on anything, no response, I couldn’t close a window or do anything. Maybe I was being targeted?
 
I’ve had other issues with Safari lately that just disrupt workflow annoyingly. Now with security issues like this one, I feel I hate Safari a bit more from today. Sure, I’m using Ventura beta so it should be fixed eventually, but still.

And Apple refuses to allow third party web browser kernels being used on iOS devices. Other than protecting their bottom line, I can’t think of any other reason why they refuse to allow other rendering engines on iOS etc.
 
Sorry if this has been answered elsewhere but are the 16 betas impacted by this as none of my devices are pulling an update?
 