In association with heise online

14 June 2007, 16:06

Apple's Windows Safari continues

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Apple's Safari browser, a beta version of which was recently released for Windows, has been having a few security vulnerabilities and stability and display problems. Apple has now slipped out beta version 3.0.1, which is aimed at fixing a few of the security vulnerabilities.

Apple has fixed a total of three critical security bugs in the browser, all of which affect the Windows platform only. Weak checking of URLs in websites could be used to execute injected code. Memory access outside the reserved range when processing crafted web pages could cause the browser to crash or execute malicious code. In addition, Safari 3.0.1 for Windows is lighter by one cross-site scripting vulnerability, exploitation of which could result in JavaScript objects accessing other domains or being executed in the context of other domains.

The new version does not appear to fix the vulnerability in the protocol handler discovered by Thor Larholm, by exploiting which a web page can run commands on a visitor's system. Is also remains unclear whether the security problems discovered by Aviv Raff and David Maynor have been remedied. However, since version 3.0.1 is just as unstable and unreliable as its predecessor, it remains advisable to avoid using it at present.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit