Windows Software

Apple Struggles to Salvage What It Still Can Out of Safari on Windows

And of the perception of security

By Marius Oiaga, Technology News Editor

15th of June 2007, 11:25 GMT

Adjust text size:

On June 11 2007, Apple released Safari 3.0 in the Windows jungle. The browser's official welcome to the most attacked platform in the world was a collection of no less than eight vulnerabilities. Safari's first day on Windows Vista and Windows XP was a genuine case of 'reality contradicts marketing'. In tune with the general strategy of the Cupertino-based company, Safari 3 was applauded as delivering a high level of security. "Now you can enjoy worry-free web browsing on any computer. Apple engineers designed Safari to be secure from day one," reads a message

on the Safari web page.

Security from day one was a myth shattered, what an incredible coincidence, in the very first hours of the first day. Three days following the initial launch, Apple jumped to patch the Safari 3 beta on Windows. The Cupertino based company made available a total of three security updates targeting critical vulnerabilities in the browser. Apple fails to rank vulnerabilities - yet another marketing jugglery - but as all three security flaws allow for remote code execution, a severity level of Critical is inherent.

"The Safari 3 Public Beta was released on June 11 for Mac OS X and Windows XP/Vista. This beta software is for trial purposes and intended to gather feedback prior to a full release. Safari 3.0.1 Public Beta for Windows is now available," Apple revealed in the information associated with the update.

"Apple has just released version 3.01 of their Safari web browser, together with some release notes on their Security-announce mailing list. As you can see from those release notes the vulnerability that I discovered is one out of three that have been fixed, and as far as I can tell right now the vulnerability has indeed been fixed. Quotes and whitespace is now filtered on any requests to external URL protocol handler applications, but other characters are still being passed without filtering so I expect to find some variations pretty soon," stated Thor Larholm, one of the security researchers that identified vulnerabilities in the browser following the launch.

Apple has also patched a flaw identified by Aviv Raff, but the company failed to credit the security researchers for the vulnerabilities. Security expert David Maynor, also a contributor to the Safari 3.0 vulnerability list, has not submitted his finds to Apple because of how the company understands to deal with independent security researchers.

TAGS:

Safari 3 | Windows | security

SEARCH THE NEWS ARCHIVE :

Today's News | Yesterday's News | News Archive

User opinions:

Comment #1 by: Lost Angel on 15 Jun 2007, 14:16 GMT

reply to this comment

Another case of poor journalism:
- On June 11 2007, Apple released Safari 3.0 in the Windows jungle.
followed by
- The Safari 3 Public Beta was released on June 11

That makes one think that Mr. Oiaga is either stupid or just hates Apple so much that any cover ups justify the means to shame it. I could not care less for Apple and its browser. But blaming a !beta! product for not having the security of a final release is plain bad journalism!

Share your opinion:

SUBMIT PROGRAM \| ADVERTISE \| GET HELP \| SEND US FEEDBACK \| RSS FEEDS \| ENTER NEWS SITE \| ENGLISH BOARD \| ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved. Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.	Copyright Information \| Privacy Policy \| Terms of Use \| Update your software \| Archive

NEWS CATEGORIES: