Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
 
Latest Comments
"Thank you "
on Search engine promises completely private surfing
by Dr. Holub | Jul 4, 2009 11:17 AM
 
"Agree that wireless hotspots are an easy way for hackers to gather information from connected ..."
on New devices make hotspots a hacker's paradise
by Patrick Hooper | Jul 3, 2009 4:06 AM
 
"Katarzyna what has this got to do with Symantec?? "
on Mobile phone directory service faces consumer uproar
by PaulC | Jul 2, 2009 12:55 PM
 
"Hi Nadim, I'm the chief marketing officer at Ounce Labs, and I disagree with your statement. ..."
on Ounce Labs 5.0
by Jennifer Sullivan | Jun 30, 2009 11:56 PM
 
"noobs!"
on Australia shows poor resistance to phishing
by webappsec | Jun 30, 2009 4:53 PM
Web

More Safari bugs found after Windows release

  • Email a Friend
  • Print Page
More Safari bugs found after Windows release
Related Articles
By Frank Washkuch
Jun 14, 2007 7:33 AM
Tags: Researchers | find | Safari | bugs | just | hours | after | Windows | release
Bug hunters have claimed numerous flaws in Apple's Safari web browser just hours after its release for Windows.
Less than a full day after Safari version 3 beta was released for Windows and Mac, researcher Thor Larholm revealed a "fully functional command execution vulnerability, triggered without user interaction simply by visiting a website."

Larholm released proof-of-concept code for the flaw on his website today.

"Given that Apple has had a lousy track record with security on OS X, in addition to a hostile attitude towards security researchers, a lot of people are expecting to see quite a number of vulnerabilities targeted toward this new Windows browser," Larholm said on his website today.

David Maynor, founder and CTO of Errata Security, said on Monday on the company’s blog that researchers found a number of bugs in the beta that also work for the OS X version.

"I’d like to note that we found a total of six bugs in an afternoon, four DoS and two remote code execution bugs. We have weaponised one of those to be reliable and it’s different than what [Larholm] has found.

I can’t speak for anybody else, but the bugs found in the beta copy of Safari on Windows work on the production copy of OS X as well (same code base for a lot of stuff)," he said. "The exploit is robust, mostly thanks to the lack of any kind of advanced security features in OS X."

Tim Erlin, vulnerability and exposure manager at nCircle, told SCMagazine.com that vendors who stress security face additional scrutiny from hackers, even if their products are in beta.

"This is interesting because you have to wonder whether it was intentional on Apple’s part. If you release a beta, you expect [vulnerabilities] to be found, and that way you get them taken care of before the actual release," he said.

"I think that [a hackers'] target tends to move to whoever has most recently made declarations of secure development. That was the case when Microsoft announced major security enhancements in Vista."

An Apple representative could not be reached for comment.

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
Exclusive Data Centre - Sponsored Content by Microsoft
 
Vulnerabilities & Exploits Whitepapers
 
Popular Tags
apple candidate features flaw google internet microsoft month onecare patch patches pirated release safari security social test updates vulnerability windows