Apple has re-released Safari 14.1 for macOS 10.15 Catalina and 10.14 Mojave with fixes for two additional WebKit vulnerabilities, on top of the three vulnerabilities fixed in the initial 26 April 2021 release. (That release broke WebAuthn, causing Apple to pull the download quickly.) Safari 14.1 also enables you to customize the Start Page section order, supports an additional WebExtensions API that enables developers to offer extensions that replace the new tab page, introduces the Web Speech API to enable developers to incorporate speech recognition into Web pages, and adds support for the WebM and Vorbis video and audio formats. You can download Safari 14.1 only via Software Update. (Free, release notes, macOS 10.15+ and 10.14+)
Apparently, Apple has pulled this update due to it breaking WebAuthn. I’m not entirely certain what that entails yet, but regardless, if you can’t update at the moment, don’t worry. If you have already updated and notice problems, it’s probably easiest to use another browser until Apple issues a fix.
Not sure whether Safari 14.1 for Big Sur also breaks WebAuthn or not. Apple can’t pull it because, as indicated, it was included with macOS 11.3 update, so those users will continue to receive it with their update.
I updated and so far mostly seems to work alright logging into accounts, etc
… except it got a bit stupider finding my bookmarks when typing in the address bar (e.g. used to find “Play Jumble” by typing “jum”, now it takes “jumbl” to find it and then, only after I changed the bookmark name to start with Jumble…)
The botched Safari 14.1 update for Mojave appears to be blocking Apple Mail from accessing my Gmail accounts, which I usually access from Apple Mail rather than through Google’s webmail. I don’t use Safari regularly, but I did update it when the Mohave update came out. Google then decided a new computer had accessed by account from Massachusetts with Mac OS (it was me), and asked me to validate my account, which required me to enter my password. Apple Mail kicked the request to Safari and the password validation did not work. This has now spread to all three of my gmail accounts. It has not affected my access to my personal domain webmail and to my icloud account.
Following up on my last post – the aftermath of the Safari 14.1 update spread to blocking access to iCloud, so I called into Apple Support and spent two hours with them cleaning up the mess late Sunday afternoon. It’s now 24 hours and no more problems as far as I can tell, but I am being very cautious about using Safari and anything that might get Google upset.
Apple has re-released Safari 14.1 with fixes for two more security vulnerabilities, in addition to those fixed in the initial release. I’ve updated our Watchlist item accordingly.
Join the discussion in the TidBITS Discourse forum