Posted on 06/14/2007 8:20:40 AM PDT by Swordmaker
Apple has released Safari 3.0.1 Public Beta for Windows XP and Vista which includes numerous security improvements which Apple notes do not affect Safari 3 Public Beta for Mac OS X.
Safari 3.0.1 Public Beta for Windows addresses the following issues in Safari 3 Public Beta for Windows:
CVE-ID: CVE-2007-3186
Impact: Visiting a malicious website may lead to arbitrary code execution.
Description: A command injection vulnerability exists in the Windows version of Safari 3 Public Beta. By enticing a user to visit a maliciously crafted web page, an attacker can trigger the issue which may lead to arbitrary code execution. This update addresses the issue by performing additional processing and validation of URLs. This does not pose a security issue on Mac OS X systems, but could lead to an unexpected termination of the Safari browser.
CVE-ID: CVE-2007-3185
Impact: Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution.
Description: An out-of-bounds memory read issue in Safari 3 Public Beta for Windows may lead to an unexpected application termination or arbitrary code execution when visiting a malicious website. This issue does not affect Mac OS X systems.
CVE-ID: CVE-2007-2391
Impact: Visiting a malicious website may allow cross-site scripting.
Description: A race condition in Safari 3 Public Beta for Windows may allow cross-site scripting. Visiting a maliciously crafted web page may allow access to JavaScript objects or the execution of arbitrary JavaScript in the context of another web page. This issue does not affect Mac OS X systems.
The update is available via the "Apple Software Update" application, which is installed with the most recent version of QuickTime or iTunes on Windows.
MacDailyNews Take: That was about as fast as, oh, say, putting a cigarette out in someone's eye and certainly more productive.
Update for Windows security . . . Security issues do not affect OS X.
If you want on or off the Mac Ping List, Freepmail me.
Not according to this fellow: "I can't speak for anybody else but the bugs found in the beta copy of Safari on Windows work on the production copy on OSX as well (same code base for a lot of stuff). The exploit is robust mostly thanks to the lack of any kind of advanced security features in OSX,"
"**PLEASE DO NOT POST A COMMENT IF IT'S ABOUT SAFARI IN BETA** These bugs have been verified in the current PRODUCTION copy on OSX (Safari 2.0.4)."
I'm not making any assertions one way or the other-- not my field, or my concern. But some people are, and, having read this guy's article yesterday, thought that the issue was important enough to point out.
If you choose not to believe his claim, that's fine. But to dismiss any such criticism in a knee-jerk fashion sight unseen is the same narrow view that caused Apple to release this beta with easily detectable problems uncorrected, and the same view that leads Microsoft to continual screw-ups.
It’s not dismissal sight-unseen. That fellow has been making the same sort of claims for months now, and his comments were thoroughly discussed on yesterday's thread.
I tried to open FR in Safari 3.0.1 on Vista Ultimate and it doesn’t even render.
I haven’t examined the FR html but it’s the only site that doesn’t render for me in Safari 3.0.1.
Quite frankly, David Maynor's reputation vis-a-vis Mac security is in the toilet since he was found to have perpetrated a Hoax video demonstration hack into a Mac laptop at last summer's Black Hat Conference... He and his partner were quoted as saying they "would like to poke a lit cigarette into the eyes of Mac users."
Your quotation's last sentence says a lot... it shows him to be a bitter man.
OSX has been on the market now for six years and there are still ZERO malware or viruses in the wild.
Get that you mac haters..... ZEEEEEEEROOOOOO !!
You keep tellin’ them... And with Bootcamp, VMWare and Parallels, I cannot imagine why ANYONE would want a windoz box ???