After hacker dissection, Safari beta is patched

Three days after releasing Safari 3.0, Apple has issued its first patch of the beta software: Safari 3.0.1, which fixes three flaws in the browser including security vulnerabilities. Although the issues found in the first beta release were surprisingly numerous, security researchers are applauding Apple for pushing out the update so quickly. Apple has often taken weeks or months to release patches and updates in response to vulnerability concerns. This is the first time that Apple has released a version of Safari for the Windows platform. Because it now can be run on a much larger number of systems, the code has been getting more attention from the security community.

News source: InfoWorld

Report a problem with article
Previous Story

Russian Game Museum Recalls Bygone Era

Next Story

LOTRO Announces Middle Earth's Summer fesival!

35 Comments

Commenting is disabled on this article.

Safari installs but does not run if your Windows XP username has international characters in it. For instance, if your username is José, and your application files get stored in C:/Documents and Settings/José, the app doesn't start up.

If I create a username with no accents, however, Safari runs without any issues. This is exactly the type of problem that I had with Democracy Player about a year ago.

What's with this lack of support for users with accented names? Has anyone found a way to get around this bug, other than removing the accents from their name?

Disliked the study icon claiming among other things that Opera is the worst in javascript. Actually saying Internet Explorer is better. Sorry I use Opera 9.2 quite often and really don't have a problem with javascript. however Opera 9.2 isn't quite ready for Vista yet. That nifty and silly section on mmc that shows on a line graph how reliable Vista is, is being dragged all the way down to 1.23 because of Opera most of the time. It's crashed at least once every day except 2 days since I installed this in early May. But because it usually saves where I was last, it isn't an inconvient crash. Simply start it back up and I'm back. And although I can use a plugin for mouse gestures in Firefox, that plugin isn't 100% just yet. Opera's is and thats why I use it. Safari is installed, but seems rather pointless. Even having IE on here is pointless because windows update isn't run off the web browser anymore. My roboform works in firefox only. Unless someone has a plugin like roboform, Opera remains the secondary, but more use browser.

This is the worst browser ever. It simply does not work. My network uses a proxy so it simply freezes on start. There is no way to enter any details. On another computer I have, it loads but all the menus are blank. What gives? This should not have been released as a beta it is still alpha.

Am I the only user who attempted to use the browser through a proxy? By the way, if I enter my proxy login or even click cancel, the app. crashes.

Security is one side, the other is usability. Safari is "ok", however IE 7 and Firefox outperform. There is nothing there that makes me want to switch. IE 7 is a good browser.

Why is there a 30 second delay? I launch Safari, it loads, then down on the bottom bar it says "loading bla bla bla"
and sits there for 30-45 seconds before the page loads. Once it loads, then you can refresh and it pops right up.
Firefox doesn't do that. I'm just curious. Other than that, I don't see anything wrong with it. The more browsers,
the better.

someone into conspiracy theories may suspect that they released a known buggy browser with a patch waiting in the wings :P

Seems that peoples reception to this could have been predicted...

virtorio said,

You mean this? http://www.joelonsoftware.com/items/2007/06/12.html

They do it differently, doesn't mean it’s wrong. Far as I’m concerned the Apple way looks better. Though they probably should have an option to use the rendering method of the OS.


Nice link. Being a designer myself I definitely prefer Apples way, but strangely enough I can see the logic behind both approaches actually.

They seem to be getting quicker with their response times lately. First they patched the Quicktime/Javascript flaw in 10 days and now this.

I'm glad Apple is fixing bugs quickly, however that still doesn't excuse the number of fanboys out there who claim that the only reason Safari was bugged in the first place was because windows itself was not secure.

So I think from now on any time some random Mac Zealot (please note I'm only talking about the fanboys, not the average mac user) tries to pull that excuse, I'll tell them that by Apple releasing patches so quickly here and so slowly on the mac just shows much better windows is for developing stuff

Not a fanboyism answer but it is interesting that none of those security issues affected the Safari 3 beta on OS X. Sooooo I don't see your point. It just makes Windows look worse and Apples devs look better.

In the first FPN article on the discovered Safari flaws, this is exactly what I said that I would expect on this. A patch to be issued. Same as I would have expected of Microsoft or of a Linux vendor.

It doesn't matter if this is "beta" or not. If a security bug is found, it must be fixed. Period.

it entirely matters whether it is beta or not, security issues in beta do not have to be fixed, apple was nice and fixed it, they have to be fixed in the release version i agree, but you once again fail to realise beta is just that beta, it is done so that developers don't have to test every possible scenario themselves, beta is companies getingtheir users to do testing for them as they can't test all the possible scenarios by themsleves.

whocares78 said,
it entirely matters whether it is beta or not, security issues in beta do not have to be fixed, apple was nice and fixed it, they have to be fixed in the release version i agree, but you once again fail to realise beta is just that beta, it is done so that developers don't have to test every possible scenario themselves, beta is companies getingtheir users to do testing for them as they can't test all the possible scenarios by themsleves.

No, this is something that needs to be fixed in a beta. It's out there so people can test it, and who the **** would want to even touch it if its going to screw up their entire computer. I can understand not quickly fixing something that may cause the browser to crash, or how it may render some pages strange, but a security flaw HAS to be fixed, or else their is no point in even having a beta if its going to put the testers at risk.

reidtheweed01 said,
No, this is something that needs to be fixed in a beta. It's out there so people can test it, and who the **** would want to even touch it if its going to screw up their entire computer. I can understand not quickly fixing something that may cause the browser to crash, or how it may render some pages strange, but a security flaw HAS to be fixed, or else their is no point in even having a beta if its going to put the testers at risk.

I disagree entirely, you are all totally overreacting, i ask you this, is their any virus, application, anything at all that takes advantage of the vulnerability that was discovered, the answer from what i have seen is no, therefore being beta i expect they woudl release a new beta or even release version that fixes the majority of issues found in the beta (probably in a couple of weeks) had the issue not been so dramatised, instead they have released a patch which fixes a couple of the issues but stilll has a high number of other known issues which are to the end user causing more issues, e.g most users will not care about security, however will care if they can't load their web pages.

i do not see how you can claim "who the **** would want to even touch it if its going to screw up their entire computer" i have seen any evidence of the security issue causing any issues, but if you can point me in the direction of any exploits that use this vulnerabilty then i agree with you it should be fixed,

People that install beta do so at their own risk, if they don't understadn the consequences of beta software they shouldn not install it, and yes i did not see any warnings on the mac website of the sort which i think is a very bad thing, and what casued most of these forums. The fact is bet is beta and most if not all betas are released with known issues, so just by the fact of what beta software represents you are at risk using beta software whether there is a security issue or not