Steve Jobs must have been kicking ass and taking names. Because only 3 days after the initial release, of Apple’s Safari Web Browser for Windows that had 6 security bugs known as of this article, Apple has released an updated version, version of the Safari software. According to Engadet the following bugs have been fixed with this new release.

CVE-ID: CVE-2007-3186
Available for: Windows XP or Vista
Impact: Visiting a malicious website may lead to arbitrary code execution
Description: A command injection vulnerability exists in the Windows version of Safari 3 Public Beta. By enticing a user to visit a maliciously crafted web page, an attacker can trigger the issue which may lead to arbitrary code execution. This update addresses the issue by performing additional processing and validation of URLs. This does not pose a security issue on Mac OS X systems, but could lead to an unexpected termination of the Safari browser.

CVE-ID: CVE-2007-3185
Available for: Windows XP or Vista
Impact: Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution
Description: An out-of-bounds memory read issue in Safari 3 Public Beta for Windows may lead to an unexpected application termination or arbitrary code execution when visiting a malicious website. This issue does not affect Mac OS X systems.

CVE-ID: CVE-2007-2391
Available for: Windows XP or Vista
Impact: Visiting a malicious website may allow cross-site scripting
Description: A race condition in Safari 3 Public Beta for Windows may allow cross site scripting. Visiting a maliciously crafted web page may allow access to JavaScript objects or the execution of arbitrary JavaScript in the context of another web page. This issue does not affect Mac OS X systems.

This is a nice turn around time indeed, but my heart goes out to the Safari developers because they probably worked night and day for the last 72 hours, with the watchful eye of Steve Jobs over them. Good job Apple, now get some rest.

So if you feel inclined and don’t think you already have too many web browsers:

Download Safari

Tags: Apple, Internet Browser, Safari, Security

Posted in Programming, Rant | | | View blog reactions | 1 Comment »

Apple has just released a public beta of its Safari browser for Windows yesterday. And there have been already 6 zero day exploits and many, many crashes for the browser. You can read about them here here here and here. Which makes the following image from the Apple website, borrowed from aviv.raffon.net, all the more funny.

Also Apple has the following to say under the Security tab of their website:

Security

Now you can enjoy worry-free web browsing on any computer. Apple engineers designed Safari to be secure from day one.

For starters, Safari uses robust encryption to ensure that your private information stays that way. When you browse a secure site, Safari displays a lock icon in the upper-right corner of the browser. If you want to know more about the credentials of a secure site, click the lock icon and Safari displays detailed information about the site’s security certificate.

Safari supports SSL versions 2 and 3, as well as Transport Layer Security (TLS), the next generation of Internet security. Safari uses these technologies to provide a secure, encrypted channel that protects all your information from online eavesdroppers. And Safari lets you use standards-based authentication such as Kerberos single sign-on and X.509 personal certificates, or proprietary protocols like NTLMv2 to log in to secure sites.

Safari also supports a variety of proxy protocols — services that help firewalls control what flows in and out of the network — including Automatic Proxy configuration, FTP Proxy, Web Proxy (HTTP), Secure Web Proxy (HTTPS), Streaming Proxy (RTSP), SOCKS Proxy, and Gopher Proxy.

I don’t know about you, but it’s one thing to say that you have designed your browser to be secure from day one, but it’s another to actually prove it. Apple has fallen flat on its face with this release, and I know it is only a beta, but Fire Fox and IE have both been in beta before and haven’t nearly had this many problems.

All that I have to say is when you venture out in to the Windows world Apple, where the market share is at 90% you are not protected by your small margins anymore.

Tags: Apple, Internet Browser, Microsoft, Performance, Safari, Security, Windows Vista, Windows XP

Posted in Programming, Rant | | | View blog reactions | 1 Comment »