The Month: Apple unveils beta version

Apple has unveiled a beta version of its Safari Web browser for Windows and Mac, prompting vulnerability researchers to release details of a slew of bugs.

Within hours of the release, security researcher David Maynor claimed tohave found six vulnerabilities in Safari version 3 beta. Four of thevulnerabilities are simple denial-of-service bugs that crash thebrowser, but two of the flaws allow remote execution, he said in a postto his company's blog.

Israeli researcher Aviv Raff also claimed to have uncovered severalbugs, while another researcher, Thor Larholm, revealed a "fullyfunctional command execution vulnerability, triggered without userinteraction simply by visiting a website".

"Given that Apple has had a lousy track record with security on OSX, inaddition to a hostile attitude towards security researchers, a lot ofpeople are expecting to see quite a number of vulnerabilities targetedtoward this new Windows browser," Larholm said on his website.

Many industry analysts see the rush to compromise Safari as a by-productof Apple's assurances that the browser is especially secure. Thecompany's website claims: "Apple engineers designed Safari to be securefrom day one." It is also the first time Safari has been available forWindows, the most-installed OS.

John Colombo, managing consultant for security practices at Cap Gemini,said: "Apple has clearly set itself up for this, and its refusal toengage with security researchers only adds fuel to the fire."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.