Apple has unveiled a beta version of its Safari Web browser for Windows and Mac, prompting vulnerability researchers to release details of a slew of bugs.
Within hours of the release, security researcher David Maynor claimed to have found six vulnerabilities in Safari version 3 beta. Four of the vulnerabilities are simple denial-of-service bugs that crash the browser, but two of the flaws allow remote execution, he said in a post to his company’s blog.
Israeli researcher Aviv Raff also claimed to have uncovered several bugs, while another researcher, Thor Larholm, revealed a “fully functional command execution vulnerability, triggered without user interaction simply by visiting a website”.
“Given that Apple has had a lousy track record with security on OSX, in addition to a hostile attitude towards security researchers, a lot of people are expecting to see quite a number of vulnerabilities targeted toward this new Windows browser,” Larholm said on his website.
Many industry analysts see the rush to compromise Safari as a by-product of Apple’s assurances that the browser is especially secure. The company’s website claims: “Apple engineers designed Safari to be secure from day one.” It is also the first time Safari has been available for Windows, the most-installed OS.
John Colombo, managing consultant for security practices at Cap Gemini, said: “Apple has clearly set itself up for this, and its refusal to engage with security researchers only adds fuel to the fire.”