Safari Team Deprecates Extensions

From the horse’s mouth:

Developer-signed Safari extensions are not supported in Safari 12. Safari extensions distributed in the Safari Extension Gallery are deprecated, and Safari 12 is the last release to support them. Safari by default will turn off Safari extensions using canLoad. Instead, use Content Blocker extensions. New submissions to the Safari Extensions Gallery will be accepted until the end of 2018.

From what I can tell there will still be some form of extensions, they’ll just depend on different, read: more secure, APIs. Some more unofficial reassurance from the peanut gallery on Hacker News (via floatingatoll):

Safari Extensions appears to run as JavaScript code in an internal webpage instance that has unrestricted DOM access to your tabs and their content. Safari App Extensions appears to separate “in-page JS code” from “out-of-page Objective-C code” and introduces a sandbox that protects the in-page JS code from inspection or alteration by the out-of-page ObjC code. If I understand that correctly, then I feel this is a clear security win. It forces extensions to run in-process (with DOM access) only the code that they shipped at build time, with only a simple data structure channel available to communicate with their out-of-process component. I’m not sure what attacks on Safari using the old extension model led Apple to sandbox and secure this, but given the “App Store” hint, it seems likely that in-browser malware extensions exist and are being installed into Safari without user consent to spy on surfing and exfiltrate data for tracking. This would be a gold mine for a government-backed attacker, as the extensions are silent once installed and effectively invisible to most users. By introducing mandatory App Store review of all extensions, Apple could then analyze the in-page JavaScript code to ensure that it does not perform malicious actions. This explicitly protects against advertising and tracking attacks: any that escape initial analysis will be reported by users and security researchers. As we’ve seen on iOS, when someone finds an attack vector in one app, Apple can find and destroy all apps that exercise that vector. They would now be able to do the same with any malicious extensions that somehow survive the App Store review process.

Comments?

Nope. Don't worry about leaving them here, instead hit me up @TRST_Blog and share your thoughts.