Mon 12 May 2008

Edited by Paul Hales

Published by Incisive Media Investments Ltd.

Security flaws found in Safari for Windows

'Highly Critical' and unpatched

A SHARP Argentinian researcher has raised the alert about two security flaws he discovered in Apple's Safari for Windows web browser.

Juan Pablo Lopez Yacubian characterised the vulnerabilities in the recently released Safari for Windows 3.1 as serious, saying either could potentially enable an attacker to remotely take over a user's computer.

He said the most dangerous vulnerability could allow a maliciously structured website to "falsify the web address and enter another page or content."

That would mean that you might see an expected URL in Safari's address bar but the actual source address might be different, potentially loading malicious code that could put your computer and data at risk.

The second vulnerability could be triggered by downloading a file with a very long filename, which could cause a buffer overflow condition possibly leading to memory corruption that might permit the execution of arbitrary code.

Web User reports that security firm Secunia has classified both of these fresh vulnerabilities as "highly critical" flaws, its second-highest severity rating.

These two new Safari for Windows security flaws are as yet unpatched and so far Apple has refused to comment, according to Web User. µ

L'Inq
Web User

Comments

Safari for Windows 3.1

Safari for Windows 3.1! Who is still running Windows 3.1?

posted by : Dr. T, 26 March 2008

Windows 3.1

I didn't know they made Safari for Windows 3.1... oh wait.
posted by : BB, 26 March 2008

Backwards Compatibility?

"Safari for Windows 3.1"

No wonder there are security flaws with that backwards compatibility!
posted by : Fimber, 26 March 2008

Flaws?

So the auto-update with iTunes isn't the only flaw?
posted by : really, 26 March 2008

Safari for Windows 3.1

They are pretty serious with their Windows plans then.
posted by : Vasek, 26 March 2008

To all the Apple apologists

THIS is the reason why Apple's decision to push Safari to iTunes users in the disguise of a software update is such a big deal.

If we turn off Apple Software Updater then we run the risk of highly critical flaws in software we do use going unpatched, whereas if we leave it on, who knows what Apple will decide to push out to us next opening up yet another vector for a security breach.

For the tech-savvy people who know to read things before clicking this is just a nuisance, but a large number of people using iTunes are doing so just because that's what they were told to do to get their iPods working.
posted by : strangetpwn, 26 March 2008

What do you expect

When you put the program on top of a swiss cheese OS like Windows things like this are bound to happen.
Get A Mac and quit whining.
posted by : Regulas, 27 December 2007

Does Apple still do no harm?

I think it's ironic that Apple boasts about its superior security and how its not being a bundling giant like Microsoft makes it such a better company. We already know what Apple did here. Safari for one is a POS because if you have to almost completely hide its installation from the user; you can't get those users to download it themselves. Either this is the spoon fed Apple centric way or Jobs has another Imovie08 on his hands and is trying to quickly flog it off on Windows to bash Bill. Either way we're probably gonna hear a bunch of Apple fan bois spout off how this is a Windows problem. True and not true. Vista's biggest problem is driver quality and that's not MS's problem for the most part, but rather hardware company's folly that they fcked it up. Granted even with good drivers I'd take my WIN2K anyday.

"Cough" who sees the similarities between Vista's first few weeks out and Leopard's. No doubt Bill and Jobs will knock on my door in a while with large blunt objects in hand.
"Check please waiter"

Everything has its beauty but not everyone sees it.
Confucius (551 BC - 479 BC)
posted by : Cleotralix, 26 March 2008

@Dr. T

"Who is still running Windows 3.1?"

http://home.clara.net/lesmcdm/images/desktop.png

Guilty I'm afraid. ;)
posted by : Nobby Nobbs, 26 March 2008

Swiss Cheese OS?

I'll agree that Windows code needs to be tighter. But Apple needs to realize that programming on an OS that runs on at least 85% of the desktops in the world requires more attention to detail than for an OS that runs on less than 10%.

More people probing for flaws my friend. Looks like a few tipped up pretty quick in this case.
posted by : JohnnyD, 26 March 2008

2 Critical flaws?

So it's explorer compatible then...
posted by : JabrTheHut, 26 March 2008

Apple can't code as well as Mozilla/Opera?

Leave it to Applefan to try to excuse Apple's poor coding.

If Mozilla and Opera don't have these flaws, then it's Apple's fault, and no one else's. There are enough other examples out there that they could've seen what was expected of them from what already exists.

Living so long in their own closed ecosystem helps them forget a primary principle of computers, if you don't do what I expect and others can, I'll use their product instead.

With Firefox 3-4 and Opera 9.26 why would anyone bother with Safari?

Windows may suck, but hey so does Safari obviously.
posted by : KnightShader, 26 March 2008

Ancient vulnerabilities

I run Windows 3.1, why?!?! Didn't you ever have some fun with virtual machines?

Back on the topic, as far as I remember, quite a few years ago, these kinds of flaws once were discovered in Internet Exploder, Firefox and even Netscape and were then fixed after being immensely seen in the wild.

Looks like Apple have a thing to learn about Internet safety.

Good job, Jobs.
posted by : mycelo, 26 March 2008

Weak, amateurs...

Buffer overflow is something that shouldn't exist today...

Perhaps they were coding for Win3.1...
posted by : Axion, 26 March 2008

Ambiguous Wording... :-(

Come on folks, 3.1 is the version of Safari, not Windows. Sheesh!

See:

http://www.theinquirer.net/gb/inquirer/news/2008/03/25/mozzilla-boss-bites-apple
posted by : ESL Candidate, 28 December 2007

@What do you expect

It's an application flaw. OSX won't protect you from apps running under your privileges doing things to files and processes you can access.

The bugs in Safari may not allow a rootkit to be installed, but can easily transmit *all* your personal files elsewhere, and bugger the copies on your machine.

*nix and M$ would all have the same issue.
posted by : cutis rendon, 27 March 2008

Violation of EULA

According to Safari EULA you are not allowed to install it into Windows so who cares about security flaws.
posted by : NotACriminal, 28 March 2008