Or vulnerable if you take it this way

Dec 19, 2007 07:54 GMT

Since Apple rolled out Safari for Windows, we all knew that a new player had joined the browser war and would attempt to compete with the two giants, Internet Explorer and Firefox. Safari came from Mac OS X, a platform that has always been regarded as a more secure alternative to the traditional Microsoft Windows, so it was obvious that Apple's browser had to be focused on users' security. With more bugs and vulnerabilities affecting Microsoft's Internet Explorer, consumers decided to give Safari a try and see if it was really different. And it was. However, many users complain that Safari is buggy and sometimes works very slowly in comparison with its rivals.

I'm sorry to disappoint you, but today I have another sad piece of news: a new vulnerability has been discovered in Apple Safari, and every installation of the browser has to be updated to the latest version in order to avoid successful exploitation. 'Piece of cake', you may say, but there are users who are not willing to update their program for various reasons, so they remain vulnerable to attacks as long as they use the affected program.

Now, let's get deeper into Safari's security problems. SecurityFocus today reported a 'subframe same origin policy violation vulnerability' that affects most versions of Safari. Safari 3.0.3, Safari 3.0.2 Beta for Windows, Safari 3.0.1 Beta for Windows, Safari 3 Beta for Windows and their corresponding Mac OS X versions are all affected by the vulnerability.

"Apple Safari is prone to a vulnerability that allows attackers to violate the same-origin policy. This issue occurs because the application fails to properly enforce the same-origin policy for subframe access. An attacker may create a malicious webpage that can access the properties of another domain. This may allow the attacker to obtain sensitive information or launch other attacks against a user of the browser", SecurityFocus wrote in the advisory rolled out today.

Now, you're probably looking for a way to avoid successful exploitation of the flaw. Mac OS X users are a bit luckier because the Cupertino company included patches to correct the vulnerability in the latest Mac OS X updates, released a few days ago. Windows users have to update to Safari 3.0.4, the only version which appears to be secure against the attacks.
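
For administrators who need to find the clients that still have to be updated, here is an added example (not part of the original article or of any Apple or SecurityFocus tooling) that triages User-Agent strings from web or proxy logs against the versions named above. It assumes Safari 3 reports its release in a `Version/x.y.z` token; the function names are hypothetical and the sample strings, including their build numbers, are constructed.

```python
import re
from collections import Counter

# Fixed Windows release named in the article; lower Safari 3 versions are affected.
FIXED_WINDOWS = (3, 0, 4)

# Assumption: Safari 3 advertises its release as "Version/x.y.z Safari/<build>".
VERSION_TOKEN = re.compile(r"Version/(\d+(?:\.\d+)*)\s+Safari/")

def safari_version(user_agent):
    """Return the Safari release as a 3-tuple, or None when no token is present."""
    match = VERSION_TOKEN.search(user_agent)
    if match is None:
        return None
    parts = [int(p) for p in match.group(1).split(".")]
    # Pad "3.0" (the first beta) to (3, 0, 0) so tuple comparison is well defined.
    return tuple((parts + [0, 0])[:3])

def triage(user_agent):
    """Classify one User-Agent string according to the article's guidance."""
    version = safari_version(user_agent)
    if version is None:
        return "not-safari-3"
    if "Windows" in user_agent:
        return "fixed" if version >= FIXED_WINDOWS else "update-to-3.0.4"
    if "Macintosh" in user_agent:
        # The article names no fixed Safari version for the Mac: the patch
        # ships with the Mac OS X updates, so the host itself must be checked.
        return "verify-os-update"
    return "unknown-platform"

def summarize(user_agents):
    """Count how many clients fall into each triage class."""
    return Counter(triage(ua) for ua in user_agents)

# Constructed sample User-Agent strings (not taken from real logs).
SAMPLE_UAS = [
    "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.15.5 "
    "(KHTML, like Gecko) Version/3.0.3 Safari/522.15.5",
    "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 "
    "(KHTML, like Gecko) Version/3.0 Safari/522.11.3",
    "Mozilla/5.0 (Windows; U; Windows NT 6.0; en) AppleWebKit/523.15 "
    "(KHTML, like Gecko) Version/3.0.4 Safari/523.15",
    "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/522.11.1 "
    "(KHTML, like Gecko) Version/3.0.3 Safari/522.12.1",
    "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) "
    "Gecko/20071127 Firefox/2.0.0.11",
]

if __name__ == "__main__":
    for label, count in sorted(summarize(SAMPLE_UAS).items()):
        print(f"{label}: {count}")
```

User-Agent strings are client-supplied, so treat the result as an inventory hint and confirm the installed version on the host before closing out a finding.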