A couple of months ago I disclosed an issue I had discovered and reported to Apple Product Security: Safari runs disabled extensions. At the time, Apple Product Security felt that there were no actual security implications to this, which is why I went public. However, they seem to have had a change of heart after the publication of my blog post. Apple fixed the issue in Safari 13.1, released today, and credited me in the document describing the security content of Safari 13.1. Under "Addition...
