Apple has unveiled a beta version of its Safari Web browser for Windows and Mac, prompting vulnerability researchers to release details of a slew of bugs.
Within hours of the release, security researcher David Maynor claimed to have found six vulnerabilities in Safari version 3 beta. Four of the vulnerabilities are simple denial-of-service bugs that crash the browser, but two of the flaws allow remote execution, he said in a post to his company's blog.
Israeli researcher Aviv Raff also claimed to have uncovered several bugs, while another researcher, Thor Larholm, revealed a "fully functional command execution vulnerability, triggered without user interaction simply by visiting a website".
"Given that Apple has had a lousy track record with security on OSX, in addition to a hostile attitude towards security researchers, a lot of people are expecting to see quite a number of vulnerabilities targeted toward this new Windows browser," Larholm said on his website.
Many industry analysts see the rush to compromise Safari as a by-product of Apple's assurances that the browser is especially secure. The company's website claims: "Apple engineers designed Safari to be secure from day one." It is also the first time Safari has been available for Windows, the most-installed OS.
John Colombo, managing consultant for security practices at Cap Gemini, said: "Apple has clearly set itself up for this, and its refusal to engage with security researchers only adds fuel to the fire."