Security researchers: Safari for Windows not so secure

Within hours of Apple's public release of the beta for Safari 3.0 for Windows, three security researchers independently found holes within the new browser. Researcher Aviv Raff highlighted in a blog post the company's product statement, which reads: "Apple's engineers designed Safari to be secure from day one." Raff found a vulnerability, a memory corruption error that could allow an attacker to insert malicious code on a Windows machine, within three minutes using publicly available fuzzing tools.
Security researcher David Maynor, posting on his Errata Security blog, said he was also able to generate a memory corruption error "in no time." By the end of the day, he was able to generate a total of six bugs--four producing a denial of service (crash), and two capable of executing remote code.
Veteran security researcher Thor Larholm wrote in his blog that he found a "0day" vulnerability in Safari within two hours. The flaw exists in how Safari handles URL protocols within Windows, causing a denial of service (crash). Larholm has published an exploit to demonstrate the flaw.
All of the vulnerabilities were found on Windows machines; none of the researchers could say whether these flaws also existed on the Mac OS.


Watch Full-Disclosure mailing list for more info.
n3td3v
Well, if Apple wants to go mass PC, it's gonna be bitten. Congratulations to Microsoft... eh.
the fun'.
I'm not suggesting Microsoft's software is better than Apple here. I'm just saying you Apple fanboys need to think a little bit before dumping on Microsoft.
-Sean
Quote from this link:
I can't speak for anybody else but the bugs found in the beta copy of Safari on Windows work on the production copy on OSX as well (same code base for a lot of stuff). The exploit is robust mostly thanks to the lack of any kind of advanced security features in OSX, I write about it here.
Oh, and it's beta folks, on Windows.
That most hacks and exploits are through Applications and not the OS.
And this might also show that Apple is not the best designer of programs, they really never have been.
Remember what they keep telling us, they are a HARDWARE COMPANY!! lol
experienced Mac user knows it has its flaws. However, what is
commonly said, and I have found this to be true, is that the
flaws tend to be less hampering than on windows. Most
"flaws" in the UI of OS X are just oversights in design that can be
fixed through updates. For this little bit of trouble, you get a
more robust OS that has the comfort of a, may the Mac Gods
forgive me, windows comparable GUI yet the power of a
command line driven OS.
Next, yes we are going to remind you that this is beta software.
This is in fact the purpose of releasing software to the public in
beta form. To find all of the bugs that you can't work out in a
lab. What has happened is that new age companies like Google
have ruined the term beta by leaving their finished software
labeled as beta. Now, everyone thinks that just because it says
beta doesn't mean that it won't run well. That is exactly what
beta means. It will not run as well as the finished product you
are expecting.
As a note, I am using Safari 3 on my Mac and I have only found
one bug so far. On some pages, when you download a web
based PDF file the browser quits. However, I have not seen this
enough to say that it is the browser and not the sites. Anybody
know anything about this?
- Can I believe my eyes
by andrew77uk
June 15, 2007 4:55 AM PDT
- Of course it's buggy, it's beta, and like stated before, the point of beta software is to iron out bugs. Someone asked does Apple have nothing better to do? Well yes probably, but think outside the box. Releasing Mac apps on the PC is great marketing for Apple, the Safari version on the Mac will have more features, and if people like Safari enough it may spark their interest in looking to get an Apple Mac.