Login:
Password:
Lost Password?
Print this article  |  E-mail this article  |  Comment on this article

Apple Plugs Windows Safari Security Holes

By BetaNews Staff, BetaNews

June 14, 2007, 2:19 PM

Just days after its beta release of Safari 3 for Windows became a zero-day nightmare with a number of exploitable vulnerabilities, Apple has rushed out version 3.01 to fix three security flaws. The problems only affect Windows, not the Mac OS X release.

The 3.01 update patches a bug that could lead to Safari running arbitrary commands via CMD.EXE, a denial of service crash due to memory corruption, and a flaw that could lead to a cross-site scripting attack. Windows XP and Vista users can download Safari 3.01 from FileForum.

Add a Comment (23 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By Candace

edited Jun 14, 2007 - 3:12 PM

Good response from Apple, especially for a beta product. I've never seen Microsoft patch their stuff this quickly.

Score: 0

By crashoverride

posted Jun 14, 2007 - 8:25 PM

hmm, patched in 3 days...I'm impressed.

Score: 0

By vince_1579

posted Jun 15, 2007 - 2:08 AM

How about the intermittent crash when you change to a "multi-firewalled" proxy?

I experience this a lot. Especially a proxy that requires user authentication. I hope Safari developers will look into this.

Score: 0

By The Dave

posted Jun 14, 2007 - 4:33 PM

Wow, I had no idea that Betanews had so many damn ads until I visited in Safari.

Back to Firefox for me until they make an add-on that blocks ads.

I'm typing this in Safari right now and I count 4 ads on the page. With Firefox I see ZERO ads.

Score: 0

By trevogre

edited Jun 14, 2007 - 6:11 PM

What business do you have reading and obviously ad supported website and striping out the ads. If you are going to have that little class you might want to keep it to yourself. Or maybe you can offer to pay the website for the content some other way. These people have to work for a living to feed their families just like everyone else, but you want them to provide you with information for free. What do you do for a living? maybe you should give me something for free. Why don't you come mow my lawn or clean my toilets. Freeloading jackass. Was that a personal attack or a factual criticism? I’ll leave it up to the moderator to decide.

Score: 0

By dkratter

edited Jun 14, 2007 - 9:26 PM

The only personal attack is coming from you.

As for people browsing this website with ad-blocking technology, if you think most people who read this site don't have that enabled, you're delusional. Don't bash people for being honest.

Score: 0

By wincement

posted Jun 14, 2007 - 6:33 PM

lol.... well spoken.

Score: 0

By frankwick

posted Jun 14, 2007 - 3:40 PM

Good job on patching the 3 holes, but they have more work to do. They may have taken a big perception hit too.

Score: 0

By Eponymous

posted Jun 14, 2007 - 5:43 PM

Nah, only geeks are paying attention at this stage. :-)

Score: 0

By DJGM

posted Jun 14, 2007 - 3:28 PM

I see they've still not fixed the rather nasty font bug yet.

Score: 0

By yohimbe9

posted Jun 14, 2007 - 4:46 PM

Just replace the Lucida fonts in your program files folder with the ones from your system fonts folder and you'll be good.

Score: 0

By iamtux

posted Jun 14, 2007 - 3:16 PM

That was quick! Good job Apple!

Score: 0

By Jordanr05

posted Jun 14, 2007 - 3:04 PM

I'm sure there's going to be all sorts of interesting posts on this topic, but nevertheless, it's good to see Apple patch these flaws so quickly. Isn't that what beta testing is all about? Yes I know they shot their mouths off about how secure Safari is, but hey it's their first attempt at a browser for Windows.

Score: 0

By SorenMD

posted Jun 14, 2007 - 2:58 PM

"The problems only affect Windows, not the Mac OS X release."

Gee, I would have never guessed. LATN!

Score: 0

By dlab21

posted Jun 14, 2007 - 3:20 PM

really... cause thats not what i heard.

"These bugs have been verified in the current PRODUCTION copy on OSX."
http://erratasec.blogspo...07/06/niiiice.html";

Score: 0

By dhjdhj

posted Jun 14, 2007 - 4:32 PM

One wonders why that URL no longer exists!

Score: 0

By yohimbe9

posted Jun 14, 2007 - 4:46 PM

its there, just an extra accidental quote at the end:
http://erratasec.blogspot.com/2007/06/niiiice.html

Score: 0

By cool_guy

edited Jun 14, 2007 - 6:19 PM

Just watch your posts my friend. Last time I got blasted with personal attacks by the Apple followers when I showed them that link (as if I wrote it), when the story was first announced. You have been warned :) I have a feeling the same thing will happen now. This is the only reason I will never use Mac OS X or recommend it to anyone - Arrogant community

Score: 0

By Eponymous

edited Jun 14, 2007 - 5:12 PM

Yeah, the thread exists, but it stopped the other evening at 6 pm.

Maynor claims the bugs affect the OS X version too, then blames the lack of security in OS X.

But if the bugs are in the Windows version too, then how could they have anything to do with OS X? Great logic.

Personally I don't believe him. The MOAB didn't uncover any such easily found Safari bugs.

Score: 0

By CarLox

posted Jun 14, 2007 - 7:46 PM

hey IT'S A FUKING BETA VERSION!!! godd*** PEOPLE

Score: 0

By templar™

posted Jun 14, 2007 - 2:47 PM

Kudos to Apple for reacting promptly. I only hope they don't take another dig at PC using this incident (like they always do).

Score: 0

By zridling

posted Jun 15, 2007 - 4:22 AM

Yea, doesn't the John Hodgeman character get to say "How 'bout that total sukfest called Safari, there, mr. apple giblets?"

Hahahahahaha

Score: 0

By Heero

posted Jun 14, 2007 - 3:03 PM

They probebly will...

Score: 0

Jul 3 - 6:45 PM ET Netflix box by Roku to get more content providers

Jul 3 - 6:30 PM ET US Justice Dept. sued for info on cellular tracking practices

Jul 3 - 6:27 PM ET Next Patch Tuesday has few security updates, big Vista reliability fix

Jul 3 - 5:49 PM ET BlackBerry Pearl users can test voice input for Google Maps

Jul 3 - 5:30 PM ET Adobe pushes its Flash 10 beta 2 refresh

Jul 3 - 4:39 PM ET Nokia and InterDigital start to disassemble their running feud

Jul 3 - 4:34 PM ET Do-it-yourself phone manufacturer declares its independence tomorrow

Jul 3 - 4:16 PM ET Study: US broadband access up overall, but down among the poor

Jul 3 - 3:54 PM ET Beta test a portable Web browsing device

Jul 3 - 3:20 PM ET Nvidia: 'Previous generation' GPUs failing at high rates