According to an article in PC World, only hours after Apple debuted its Safari browser for Windows, 8 bugs were found, one of which is so severe that it could let an attacker “grab complete control of the PC.”
David Maynor, the security consultant who found the first bugs, told PC World:
“I can’t speak for anybody else, but the bugs found in the beta copy of Safari on Windows work on the production copy on OS X as well,” he said in a posting on the Errata site. “The exploit is robust mostly thanks to the lack of any kind of advanced security features in [Mac] OS X.”
Thor Larholm, the Danish researcher who found the most dangerous exploit, which could be used to hijack a PC, said:
“On OS X, Apple has enjoyed the same luxury and the same curse as Internet Explorer has had on Windows, namely intimate operating system knowledge,” said Larholm. “The integration with the original operating system is tightly defined, but [that] knowledge is crippled when the software is released on other systems and mistakes and mishaps occur.
“Given that Apple has had a lousy track record with security on OS X, in addition to a hostile attitude towards security researchers, a lot of people are expecting to see quite a number of vulnerabilities targeted towards this new Windows browser.”
Apple chose not to respond to PC World’s requests for comment.
The beta site for Safari for Windows makes the following security claim:
Now you can enjoy worry-free web browsing on any computer. Apple engineers designed Safari to be secure from day one.
For starters, Safari uses robust encryption to ensure that your private information stays that way. When you browse a secure site, Safari displays a lock icon in the upper-right corner of the browser. If you want to know more about the credentials of a secure site, click the lock icon and Safari displays detailed information about the site’s security certificate.
A lock icon. Awesome. We feel better now. PC World is currently reporting that the number of Safari bugs is 18 and counting. Are they picking on poor Apple, or is this thing a train wreck? —MEGHANN MARCO