urn:uuid:9932f894-283b-5104-bbfd-9ac22085562c Topic: iOS – Ctrl blog Daniel Aleksandersen https://www.daniel.priv.no/ Copyright © 2022 Daniel Aleksandersen. https://www.ctrl.blog/assets/logo/logo-square.svg 2022-03-16T13:02:00Z weekly 10 urn:uuid:e2089e86-e636-4af6-9624-104d77bfced0 2019-06-22T22:14:00Z 2019-06-22T22:14:00Z Safari’s Beacon API problems You must implement the Beacon API the way WebKit deems to be “the right way” to make it work on iOS, Safari, and WebKit browsers. <p>The Beacon API is available in all current mainstream web browsers, and was introduced in Safari in version 11.11 (iOS 11.3 and MacOS 10.13.) However, Safari have had some trouble delivering on the promises of this web API; especially on iOS.</p> <p><a href="https://www.ctrl.blog/entry/safari-beacon-issues.html">Read more …</a></p> urn:uuid:2c32fbfb-7fda-4be0-8482-7dbda009912b 2018-11-21T14:37:00Z 2022-03-16T13:02:00Z Safari’s default media controls get blocked when CSP is applied Any HTTP Content-Security-Policy blocks the default <audio>/<video> controls in Safari unless you deliberately make it less secure. <p>I recently ran into an unexpected road block trying to deploy a <code>Content-Security-Policy</code> (CSP) on a website that relied on the native media controls provided for the HTML <code>&lt;audio&gt;</code> and <code>&lt;video&gt;</code> elements in Safari. The default browser-provided multimedia controls were good enough for my purposes and they provide a platform-native user experience to all users. To my surprise, I noticed that there were no usable playback control buttons in Safari on pages with a strict content security policy.</p> <p><a href="https://www.ctrl.blog/entry/safari-csp-media-controls.html">Read more …</a></p> urn:uuid:c1bddcd2-11b9-4643-8069-6032f661642e 2017-05-30T13:54:00Z 2017-05-30T13:54:00Z 50+ unpatched security vulnerabilities in A5-generation iOS devices Stop using your old iOS devices when they no longer receive security updates. There are over 50 known security issues with iOS 9.3.5 to date! <p>Devices running the Apple A5 chipset were all abandoned last year when Apple released iOS 10. Since then, there are 51 disclosed security vulnerabilities in iOS 9.3.5 — the last version available to devices with A5 chipset. Including a lock screen bypass vulnerability and 20 issues that are remotely exploitable through Safari (and any other web browser allowed on the device.)</p> <p><a href="https://www.ctrl.blog/entry/apple-abandoned-product-security.html">Read more …</a></p> urn:uuid:86117f3b-32e5-46e3-8cd2-e0a5cce7f3ac 2016-07-13T14:42:00Z 2016-08-21T22:54:00Z Apple News app getting its own User-Agent in iOS 10 Apple News app to stop pretending it’s the Safari browser. The new User-Agent makes it easier to measure success the App with existing web analytics solutions. <p>Users of the Apple News service were until now indistinguishable from the ones surfing through web views of in-app browsers.</p> <p><a href="https://www.ctrl.blog/entry/applenews-user-agent.html">Read more …</a></p> urn:uuid:c7aeb73d-047b-4bd3-8e4e-4474af3b70e4 2016-07-11T12:09:00Z 2016-07-11T12:09:00Z 3-year old iPod 5 no longer receiving software updates from Apple Apple abandoned my 3-year old iPod Touch, and I don’t think I’ll ever buy another Apple product. Consumers must trust companies to deliver software updates. <p>About a month ago, I jotted down an idea for an article simply saying: “iPod touch, all-time favorite Apple product”. This was true until last week when Apple stopped providing software updates for a three-year-old product.</p> <p><a href="https://www.ctrl.blog/entry/ipod-5gen-iosx.html">Read more …</a></p>