According to an article in PC World, only hours after Apple debuted its Safari browser for Windows, 8 bugs were found, one of which is so severe that it could let an attacker “grab complete control of the PC.”
David Maynor, the security consultant who found the first bugs told PC World,
“I can’t speak for anybody else, but the bugs found in the beta copy of Safari on Windows work on the production copy on OS X as well,” he said in a posting on the Errata site. “The exploit is robust mostly thanks to the lack of any kind of advanced security features in [Mac] OS X.”
It was a Danish researcher, Thor Larholm, who found the most dangerous exploit, which could be used to hijack a PC said:
“On OS X, Apple has enjoyed the same luxury and the same curse as Internet Explorer has had on Windows, namely intimate operating system knowledge,” said Larholm. “The integration with the original operating system is tightly defined, but [that] knowledge is crippled when the software is released on other systems and mistakes and mishaps occur.“Given that Apple has had a lousy track record with security on OS X, in addition to a hostile attitude towards security researchers, a lot of people are expecting to see quite a number of vulnerabilities targeted towards this new Windows browser.”
Apple chose not to respond to PC World’s requests for comment.
The beta site for Safari for Windows makes the following security claim:
Now you can enjoy worry-free web browsing on any computer. Apple engineers designed Safari to be secure from day one.For starters, Safari uses robust encryption to ensure that your private information stays that way. When you browse a secure site, Safari displays a lock icon in the upper-right corner of the browser. If you want to know more about the credentials of a secure site, click the lock icon and Safari displays detailed information about the site’s security certificate.
A lock icon. Awesome. We feel better now. PC World is currently reporting that the number of Safari bugs is 18 and counting. Are they picking on poor Apple, or is this thing a train wreck? —MEGHANN MARCO
Researchers find eight bugs in Safari for Windows [PC World]
More From Consumerist
-
Google On The Hook For A Record $22.5 Million In Safari Privacy Case
-
El Al Error Allows Customers To Book Heavily Discounted Fares; Airline Decides To Honor Tickets
-
Sprint Glitch Repeatedly Directs Police & Angry Customers To Home Of Innocent Retiree
-
PC Manufacturers Say Windows 8 Has Driven Millions To Become Apple Users
-
Microsoft Decides To Try This Whole Windows 8 Thing Again With A Few Tweaks
Christ, leave Gizmodo and you STILL get a page full of raving jackass apple fanboys.
Beta means product is still in the testing phase, but it is only A SINGLE step away from a full public (Alpha) release.
If your product is fundamentally unstable at the time of Beta release, you’ve made a big fucking mistake. PERIOD. NO QUESTION. It’s the same for Microsoft products at the time of Beta – all computer companies should be treated equally for equally poor work. No excuses.
So quit writing out the fucking goddamn word “beta”, please!
@Pope John Peeps II: BETA != Release Candidate. A beta is more then a single step away from stable release. Hence why you can see companies put out small revisions but still keep something in beta. And if we are the creationists, you guys are the nazi’s of the internet. You guys are worse then pedophiles on 4chan.
@Pope John Peeps II: you’re backwards. got back and read that wiki article about software lifecycles. Alpha comes BEFORE Beta. you might be thinking to the RC stage.
and @tcp100: you think apple fanboys are arrogant elitists? lemme open up a can of my wicked-|33t custom-compiled all-beta gentoo box on your ass. and i can’t even step to those *BSD people.
@cde: Hey I take offense to that comment.
Saying their are pedophiles on 4chan gives pedophiles a bad name…
Well, everybody can just STFU now because Apple patched it this morning.
[www.macworld.com]
i must be missing something here. why in god’s name would someone intentionally download safari onto a PC? glutton for punishment? well, IE really sucks, so let me replace it with another shitty browser.
When did this place become Slashdot?
I will take raving Mac fan boys for a thousand Alex.
@Kryndis:
Okay, I’m wrong. I hereby correct myself correcting you.
This morning I read that the input validation problem is known to exist on OS X as deep as the current public release. The exploitation of that problem didn’t appear to rely on pushing data into the program stack, so it seems to me that PowerPC and Intel platforms are at risk.
I agree with you on all the points. I think the reason Apple didn’t take it down is because they released Safari on Windows so people could develop applications for the iPhone. While I’m sure Jobs would love to see people make it their browser on Windows, that just isn’t going to happen and I’m sure he’s aware of it. What he does need however, is people to be ready to kick out applications for the iPhone and they need Safari on Windows to make that happen.
Is it responsible? In my opinion, they could do better. And certainly they could do better in making sure these errors don’t get released. I think the problem with Safari is being magnified by every security “researcher” looking for their name in print as opposed to objectively looking at the problem and the exploit.
This wouldn’t have happened if they used a credit union.
@Papa Midnight: “what is worse… a Microsoft fanboy, or an Apple fanboy? Mind you that you can talk some sense into the latter…”
WRONG! If that were true, there would not be a single-word counter argument. You all look like kids with your fingers in your ears while repeatedly screaming “Beta! Beta!”
As for ‘Microsoft Fanboys’, they are the first to give hell when Microsoft screws up and don’t deny their products have problems and or that things should be designed differently. Furthermore, there are many websites and forums dedicated to that and they also try to lobby for change. Does that exist with Apple fanboys? No, they just silently bitch about it and accept it because the Creator works in mysterious ways.
@Crazytree, you nailed it perfectly!
@ExecutorElassus: Man, I NEVER said the individual linux distro / BSD nuts weren’t as bad. They are – they just usually confine themselves to slashdot.
ANY zealot really needs to go and check what their life is all about. I’ll give you a hint: the brand of computer / type of OS / browser you use should probably be the bottom 10 criteria of defining yourself, not the top 3.
@dmc: “Well, everybody can just STFU now because Apple patched it this morning.”
Whew, good to know. Hey, I guess all the Apple guys will then STFU about Microsoft too, right? I mean they release patches..
I think the point here that is being missed is that Apple, like Oracle’s “UNBREAKABLE” ad sets themselves up for this kind of scrutiny by their arrogance and their supporters’ claims of infallibility.
@tcp100: I think the point here that is being missed is that Apple, like Oracle’s “UNBREAKABLE” ad sets themselves up for this kind of scrutiny by their arrogance and their supporters’ claims of infallibility.
Well put, especially the last four words.
If you’re not using a text browser, you’re not hardcore enough.
@SexCpotatoes: Nice job of getting my point.
HAHAH
The best browser….yeah right….they should get sued…..
It crashes on mac constantly…ebay to safari is like water to the evil witch of the west….
I assume it crashes even more on windows…..
I never even heard of safari for windows….
I use firefox on all three oses…