We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Safari for Windows: 18 bugs in one day

Threats in Apple's Internet Explorer competitor

Security researchers have jumped on Apple's beta version of the Safari browser, digging up as many as 18 bugs in the software, just one day after its release.

See our first review of Safari 3.0 beta on Windows.

Researchers Aviv Raff, David Maynor and Thor Larholm all reported flaws in the browser, shortly after it was made available on Monday. Maynor alone said he'd discovered six bugs, including two that could be used to run unauthorised software on a victim's PC.

Safari 3.0 is getting more attention because, for the first time, Apple has made a Windows version of the software available. Now the software can be downloaded by a much larger group of testers.

Another researcher, Tom Ferris, said his vulnerability testing ‘fuzzer’ software turned up 10 flaws in the browser in just five minutes.

He had harsh words for Apple's security team. "That's horrible, and just goes to show that they took no initiative to fuzz their own software," he said.

Apple itself had little to say about all of the bug-finding. "We take security very seriously and we're investigating these reports," an Apple spokesman told us.

Although Safari 3.0 is beta code, and expected to include bugs, Ferris said that Apple's team should have tested it more carefully before making it available to such a large group of testers. "In order to have a useful beta test of a web browser people need to use it in the real world, which is ultimately exposing them to malware," he said.

Ferris and other researchers were also eager to deflate Apple's claim that, "Apple engineers designed Safari to be secure from day one," a statement that Raff called "pathetic”. See Apple's Apple's Safari for Windows hacked already.

The Safari vulnerabilities were widely reported yesterday on blogs and technology news sites, but according to Matthew Baker, too much was made of the issue. "Reporting as news that a beta program has bugs... seems like reporting that there's rain in Seattle," he said.

"The beta version is being held to the standard that a Gold Master copy should," said Baker, a Mac user who works as a customer service representative with First Utah Bank in Salt Lake City Utah. "It just seems to me that some people... feel some sort of pleasure in reporting issues with Apple's software."


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

LED vs Halogen: Why now could be the right time to invest in LED bulbs

IDG UK Sites

Christmas' best ads: See great festive spots studios have created to promote themselves and clients

IDG UK Sites

Why Apple shouldn't be blamed for exploitation in China and Indonesia