Fastest web browser for Mac from Apple

Safari for Mac

Join our mailing list

Stay up to date with latest software releases, news, software discounts, deals and more

Download Safari 10.1.1 (El Capitan)

Safari for Mac

 -  100% Safe  -  Freeware

What's new in this version:

Safari 10.1.1

SECURITY FIXES:
Safari:
- Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.5
- Impact: Visiting a maliciously crafted webpage may lead to an application denial of service
- Description: An issue in Safari's history menu was addressed through improved memory handling.
- CVE-2017-2495: Tubasa Iinuma (@llamakko_cafe) of Gehirn Inc.

Safari:
- Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.5
- Impact: Visiting a malicious website may lead to address bar spoofing
- Description: An inconsistent user interface issue was addressed with improved state management.
- CVE-2017-2500: Zhiyang Zeng and Yuyang Zhou of Tencent Security Platform Department
- CVE-2017-2511: Zhiyang Zeng of Tencent Security Platform Department

WebKit:
- Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.5
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling.
- CVE-2017-2496: Apple
- CVE-2017-2505: lokihardt of Google Project Zero
- CVE-2017-2506: Zheng Huang of the Baidu Security Lab working with Trend Micro’s Zero Day Initiative
- CVE-2017-2514: lokihardt of Google Project Zero
- CVE-2017-2515: lokihardt of Google Project Zero
- CVE-2017-2521: lokihardt of Google Project Zero
- CVE-2017-2525: Kai Kang (4B5F5F4B) of Tencent’s Xuanwu Lab (tencent.com) working with Trend Micro’s Zero Day Initiative
- CVE-2017-2526: Kai Kang (4B5F5F4B) of Tencent’s Xuanwu Lab (tencent.com) working with Trend Micro’s Zero Day Initiative
- CVE-2017-2530: Wei Yuan of Baidu Security Lab
- CVE-2017-2531: lokihardt of Google Project Zero
- CVE-2017-2538: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative
- CVE-2017-2539: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative
- CVE-2017-2544: 360 Security (@mj0011sec) working with Trend Micro's Zero Day Initiative
- CVE-2017-2547: lokihardt of Google Project Zero, Team Sniper (Keen Lab and PC Mgr) working with Trend Micro's Zero Day Initiative
- CVE-2017-6980: lokihardt of Google Project Zero
- CVE-2017-6984: lokihardt of Google Project Zero

WebKit:
- Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.5
- Impact: Processing maliciously crafted web content may lead to universal cross site scripting
- Description: A logic issue existed in the handling of WebKit Editor commands. This issue was addressed with improved state management.
- CVE-2017-2504: lokihardt of Google Project Zero

WebKit:
- Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.5
- Impact: Processing maliciously crafted web content may lead to universal cross site scripting
- Description: A logic issue existed in the handling of WebKit container nodes. This issue was addressed with improved state management.
- CVE-2017-2508: lokihardt of Google Project Zero

WebKit:
- Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.5
- Impact: Processing maliciously crafted web content may lead to universal cross site scripting
- Description: A logic issue existed in the handling of pageshow events. This issue was addressed with improved state management.
- CVE-2017-2510: lokihardt of Google Project Zero

WebKit:
- Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.5
- Impact: Processing maliciously crafted web content may lead to universal cross site scripting
- Description: A logic issue existed in the handling of WebKit cached frames. This issue was addressed with improved state management.
- CVE-2017-2528: lokihardt of Google Project Zero

WebKit:
- Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.5
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues with addressed through improved memory handling.
- CVE-2017-2536: Samuel Groß and Niklas Baumstark working with Trend Micro's Zero Day Initiative

WebKit:
- Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.5
- Impact: Processing maliciously crafted web content may lead to universal cross site scripting
- Description: A logic issue existed in frame loading. This issue was addressed with improved state management.
- CVE-2017-2549: lokihardt of Google Project Zero

WebKit Web Inspector:
- Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.5
- Impact: An application may be able to execute unsigned code
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2017-2499: George Dan (@theninjaprawn)

Safari 10.1

WEB APIS:
Fetch:
- Fetch is a flexible generic request-and-response API for the web, designed to replace XMLHttpRequest. The Fetch API makes it straightforward to access response headers and has built-in support for making CORS-friendly requests. It uses JavaScript Promises to make handling results easier

IndexedDB 2.0:
- Safari's IndexedDB implementation is faster and fully standards compliant, and supports new IndexedDB 2.0 features

Custom Elements:
- Custom Elements provides a mechanism for defining your own HTML elements with custom reaction callbacks to respond to changes in values. Combined with the slot-based shadow DOM API introduced last year, Custom Elements makes it possible to create reusable components

Input Events:
- Input Events simplifies the process of implementing rich text editing experiences on the web. The Input Events API adds a new beforeinput event to monitor and intercept default editing behaviors and enhances the input event with new attributes

Pointer Lock:
- In macOS Safari, an element can request pointer lock in response to a user gesture. Locking the pointer hides the cursor and extends the Mouse Events interface with movementX and movementY properties to provide raw mouse movement data. When the pointer is locked, users will see a banner explaining that the mouse cursor is hidden, and that they can get out of pointer lock by pressing the Escape key

Gamepad:
- The Gamepad API allows web content to receive input from connected gamepad devices. It simplifies the code required to support a wide variety of layouts, buttons, and joystick axes by mapping various input devices to a standard gamepad layout

JAVASCRIPT:
ECMAScript 2016 and ECMAScript 2017:
- Support for ECMAScript 2016 and ECMAScript 2017 is available in Safari for macOS and iOS. It adds support for async and await syntax, along with shared memory objects, including Atomics and Shared Array Buffers

HTML:
Interactive Form Validation:
- New support for interactive form validation makes it easier to create forms with validation constraints that automatically validate user data when the form is submitted. This feature helps you communicate what kind of data your form needs, and helps users understand how to enter correct information

HTML5 Download Attribute:
- The download attribute for anchor elements indicates that the link target is a download link that downloads a file, instead of a navigational link. When you click a a link with the download attribute, the target is downloaded as a file. Optionally, the value of the download attribute provides the suggested name of the file

HTML Media Capture:
- Safari on iOS supports the HTML Media Capture form extension. Using this extension, you can create forms that capture live data from a camera on the user’s device for use as a file input. The accept attribute states whether to record a still photo or a video, and the capture attribute states which camera to use. By default, data is captured using the rear camera

LAYOUT AND RENDERING:
CSS Wide Colors:
- CSS was previously limited to colors in the sRGB gamut. Now, you can specify colors in wider color spaces, such as Display P3, with a new color() function

CSS Grid Layout:
- Safari now supports CSS Grid, so you can create complex layouts that respond to viewport constraints. It divides the page into major regions of columns and rows and provides flexibility when describing the relationships of the grid containers

Updated Behavior of Fixed Position Elements:
- Safari now uses visual viewports, improving the behavior of fixed and sticky elements with pinch zooming. Focusing an input field no longer disables fixed and sticky positioning in iOS. This behavior is available in Safari and in pages displayed by a WKWebView object. The behavior inside a UIWebView object is unchanged

SAFARI BROWSER BEHAVIORS:
Keyboard Input in Fullscreen:
- In macOS Safari, keyboard input is no longer restricted while the web page is in HTML5 fullscreen

WEB INSPECTOR:
Improved Web Inspector Debugging:
- Web Inspector adds support for debugging Web Worker JavaScript threads in the Debugger tab. The Debugger tab also improves debugger stepping with code highlights for the currently-executing and about-to-execute statements. The new stepping highlights make it easier to debug JavaScript with complex control flow or many expressions on a single line

ACCESSIBILITY:
Reduced Motion Media Query:
- Use the prefers-reduced-motion media query to create styles that avoid large areas of motion for users that specify a preference for reduced motion in System Preferences

SAFARI APP EXTENSIONS:
- You can now dynamically change images of toolbar items, validate and dynamically change text in contextual menu items, and communicate directly to a Safari app extension from its containing app. A Safari app extension associated with a Content Blocker extension can reload and check its state
- Safari Extensions preferences now shows the localized description, display name, and version number for Safari app extensions, and provides a more nuanced message about the permissions claimed by Safari app extensions

Safari 10.0.3

Security Fixes:
Safari:
- Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.3
- Impact: Visiting a malicious website may lead to address bar spoofing
- Desription: A state management issue in the address bar was addressed through improved URL handling

WebKit:
- Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.3
- Impact: Processing maliciously crafted web content may exfiltrate data cross-origin
- Desription: A prototype access issue was addressed through improved exception handling

WebKit:
- Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.3
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Desription: Multiple memory corruption issues were addressed through improved memory handling

WebKit:
- Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.3
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Desription: A memory initialization issue was addressed through improved memory handling

WebKit:
- Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.3
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Desription: Multiple memory corruption issues were addressed through improved input validation

WebKit:
- Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.3
- Impact: Processing maliciously crafted web content may exfiltrate data cross-origin
- Desription: Multiple validation issues existed in the handling of page loading. This issue was addressed through improved logic

WebKit:
- Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.3
- Impact: Processing maliciously crafted web content may exfiltrate data cross-origin
- Desription: A validation issue existed in variable handling. This issue was addressed through improved validation

Safari 10.0.2
SECURITY FIXES:
WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed through improved memory handling.
- CVE-2016-4692: Apple
- CVE-2016-7635: Apple
- CVE-2016-7652: Apple

WebKit:
- Impact: Processing maliciously crafted web content may result in the disclosure of process memory
- Description: A memory corruption issue was addressed through improved state management.
- CVE-2016-7656: Keen Lab working with Trend Micro’s Zero Day Initiative

WebKit:
- Impact: Processing maliciously crafted web content may result in the disclosure of process memory
- Description: A memory corruption issue was addressed through improved input validation.
- CVE-2016-4743: Alan Cutter

WebKit:
- Impact: Processing maliciously crafted web content may result in the disclosure of user information
- Description: A validation issue was addressed through improved state management.
- CVE-2016-7586: Boris Zbarsky

WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed through improved state management.
- CVE-2016-7587: Adam Klein
- CVE-2016-7610: Zheng Huang of the Baidu Security Lab working with Trend Micro's Zero Day Initiative
- CVE-2016-7611: an anonymous researcher working with Trend Micro's Zero Day Initiative
- CVE-2016-7639: Tongbo Luo of Palo Alto Networks
- CVE-2016-7640: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
- CVE-2016-7641: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
- CVE-2016-7642: Tongbo Luo of Palo Alto Networks
- CVE-2016-7645: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
- CVE-2016-7646: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
- CVE-2016-7648: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
- CVE-2016-7649: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
- CVE-2016-7654: Keen Lab working with Trend Micro’s Zero Day Initiative

WebKit:
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A memory corruption issue was addressed through improved state management.
- CVE-2016-7589: Apple

WebKit:
- Impact: Visiting a maliciously crafted website may compromise user information
- Description: An issue existed in handling of JavaScript prompts. This was addressed through improved state management.
- CVE-2016-7592: xisigr of Tencent's Xuanwu Lab (tencent.com)

WebKit:
- Impact: Processing maliciously crafted web content may result in the disclosure of process memory
- Description: An uninitialized memory access issue was addressed through improved memory initialization.
- CVE-2016-7598: Samuel Groß

WebKit:
- Impact: Processing maliciously crafted web content may result in the disclosure of user information
- Description: An issue existed in the handling of HTTP redirects. This issue was addressed through improved cross origin validation.
- CVE-2016-7599: Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd.

WebKit:
- Impact: Visiting a maliciously crafted webpage may lead to an unexpected application termination or arbitrary code execution
- Description: A memory corruption issue was addressed through improved state management.
- CVE-2016-7632: Jeonghoon Shin

Safari Reader:
- Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting
- Description: Multiple validation issues were addressed through improved input sanitization.
- CVE-2016-7650: Erling Ellingsen

Safari 10.0.1
- Multiple memory corruption issues were addressed through improved memory handling
- A cross-origin issue existed with location attributes. This was addressed through improved tracking of location attributes across origins.

Safari 10.0
The Safari 10 update is recommended for all OS X El Capitan users and contains improvements to privacy, compatibility, and security. This update:
- Adds support for Safari Extensions from the Mac App Store
- Displays HTML5 video whenever available for faster load times, better battery life, and stronger security
- Enhances security by running plug-ins only on websites you authorize
- Improves AutoFill and adds support for auto-filling information from any contact in Contacts
- Enhances the formatting in Reader view
- Remembers zoom level for each website users visit



Join our mailing list

Stay up to date with latest software releases, news, software discounts, deals and more