Apple patches Safari AutoFill security flaw, adds extension support

Delivering on a promise the company made back in June, Apple on Wednesday released an update to Safari 5 which turns on extensions support akin to what browsers such as Firefox and Internet Explorer have been offering for years.

In addition to the debut of these plugins, Apple also plugged several security issues, including a widely publicized flaw in the AutoFill feature that could open up users to information disclosure.

To centralize the process, Apple has created the Safari Extensions Gallery, which currently includes about 100 extensions. Web sites and services such as Twitter, Bing, MLB, and eBay are some of the companies initially participating.

"We're thrilled to see so many leading developers creating great extensions and think our users are going to love being able to customize Safari," OS X marketing chief Brian Croll said in a statement.

Apple said these extensions are built using HTML5, CSS3, or JavaScript. In addition to downloading them from Apple, the company said developers would also be able to allow users to give the option to install the extension from their own sites.

Updates would occur in the background. This would be a different experience from Mozilla's Firefox, which requires the user to restart the browser in order for the changes to take effect. In addition, they run separately from the browser -- called "sandboxing" -- preventing malicious attacks on a user's computer.

Like its App Store, it appears that the extension must carry some type of digital signature provided by Apple in order to install. It was not specified though whether this meant that an extension would need to be "approved" in order to be installable in Safari.