Apple updates Safari for Windows to patch bugs

By Dan Kaplan
Jun 15, 2007 10:09 AM
Safari version 3.0.1 corrects at least three "critical" vulnerabilities that could permit remote attackers to cause a denial-of-service (DoS) condition or execute arbitrary code, according to a FrSIRT advisory released today.

The fact that flaws were discovered hours after the beta went public is not surprising, Rob Ayoub, industry manager for research firm Frost & Sullivan, told SCMagazine.com.

"The Windows researcher community is more active and they’re more familiar with some of the fuzzing technology (used to find vulnerabilities)," he said. "It does send some message to Apple that they have to have a more solid testing procedure in place. Had this been an actual release, I think it would have been pretty disastrous."

One of the flaws is caused by an input validation error when processing URLs; another is related to a memory read error that occurs when processing malformed data. The third is caused by a race condition when processing JavaScript, according to FrSIRT.

Ayoub said users should not be turned off to Safari because of the early vulnerabilities found in the beta version.

"I think it’s a little bit overactive at this point," he said. "Vista, when they do their release candidates, there are tons of bugs."

Plus, he said he doesn’t expect many enterprise customers to deploy Safari immediately, so the number of affected users should be minimal.

Less than a day after the release of the beta version for Windows, billed by Apple as superior in speed and performance to Internet Explorer and Mozilla's Firefox web browsers, researchers from Errata Security posted a number of bugs.

In addition, researcher Thor Larholm revealed a "fully functional command execution vulnerability, triggered without user interaction simply by visiting a website."

"I’d like to note that we found a total of six bugs in an afternoon, four DoS and two remote code execution bugs," David Maynor, Errata’s founder and CTO, said Monday on the organisation’s blog.

"We have weaponised one of those to be reliable and it’s different than what [Larholm] has found. The exploit is robust, mostly thanks to the lack of any kind of advanced security features in OS X."

Apple, though, said none of the revealed vulnerabilities apply to the Mac OS X version of Safari, according to reports.

An Apple spokesperson could not be reached for comment.

 