Apple has released Safari 13.1.1 for macOS 10.14 Mojave and 10.13 High Sierra, addressing a logic issue that could allow a malicious process to cause Safari to launch an application. The update also addresses a variety of WebKit-related security problems, including memory corruption that could lead to arbitrary code execution and an input validation issue that could allow maliciously crafted Web content to instigate a cross-site scripting attack. Safari 13.1.1 is available only via Software Update. (Free, 10.13.6 and 10.14.6)
I run Mojave 10.14.6. I don’t use Safari often, but I decided to check on this “update”. My version of Safari is 12.1.2. I tried the Apple App Store, no update is posted.
You must have skipped some previous updates, as I’m running Mojave and my Safari is 13.1. I’m up-to-date on updates except the latest two just posted. The reason could be that you’re looking in the wrong place. Since Mojave, App Store is just application updates, look in System Preferences… > Software Update for macOS and Safari updates.
I see macOS updates through the App Store Update tab… High Sierra on a 2014 MacBook Pro.
Yes, they used to be in the App Store, but they were moved to the preference pane in Mojave (I’ll edit my response to David to make that clear).
Yes - with Mojave the Safari update is downloaded via Sys Prefs. However it comes with a macOS update that, annoyingly, prevents us from turning off Catalina nagging:
Actually, it isn’t included with the Security Update, Safari 13.1.1 is completely separate, but you have to click on the second “more…” closer to the bottom of the window to see that it’s separate. Just uncheck the macOS update if you aren’t concerned with all those security patches.
Sigh. Safari 13.1.1 (13609.2.9.1.3) seems to add ANOTHER restrictive behavior, with no mention in the release notes. (currently in High Sierra 10.13.6)
For sites requiring logins…
a) used to allow log in (once), and then open a bunch of their links by command clicking (to open in new tabs).
b) NOW, it requires re-logging for every tab(!) ARGGH.
I’ve tried this with multiple web-based forums and same behavior. (eg, search on “foo,” then keep the results in first tab as a reference list, and then command-click various to open each to their own tab/article. Work through each of them (skim, read, save as PDF or bookmark, etc.) and close, until get back to the search results. Rinse/repeat.
Even on TheAtlantic.com, sign in, make a bunch of cmd-clicks on homepage (as above to create separate articles to read), and every single tab requires re-logging in.
I’ve tried deleting cookies in question; no change. etc.
••• It ALSO logged me out of every single site.
Another “dumbing down” of Macintosh.
I do that all the time. I’d like to think that requiring login on each tab is a bug that Apple will quash soon, rather than a design decision. This would be a deal-breaker for me.
FWIW, I am not seeing this problem on 13.1.1 on Mojave. Cmd-clicking on links at logged-in sizes keeps me logged in on the new tabs. I tried with a few sites, some forums, some news sites in which I have a log in.
Strange that I’m not seeing this issue, at least in Mojave where I am at the moment.
I have an old MBP with High Sierra installed at my summer house. I’m not sure when I’ll get back up there - maybe tomorrow - but the next chance I get I’ll make sure all of the updates are installed and see if I can replicate that issue.
I just checked on my High Sierra machine, and Safari 13.1.1. is running fine for me there, too. I wonder, though - have you opened a private window in Safari? Because what you describe is standard behavior in a private browsing window.
Thanks for checking Doug, and to all for feedback.
Def. not “private window.”
Not a function of the OS upgrade, because Chrome & Firefox work with their old behavior just fine.
Rebooted, clear Safari cache, etc. but same behavior: Command clicking on URLs inside a paywall / forum login causes the login credentials to be ignored (ie, requiring logging in each time).
For grins, I’ll try it on Crapalina at some point.
Join the discussion in the TidBITS Discourse forum