Security researcher Aviv Raff claims to have found the first security vulnerability in Apple's Safari browser on Windows only hours after the software was released. Raff tested the application against a standard browser security testing tool. "A first glance at the debugger showed me that this memory corruption might be exploitable. Although I'll have to dig more to be sure of that," he wrote on his blog.
Apple unveiled a beta of a Windows version of its Safari web browser on Monday. The final product is scheduled for release in October. In a keynote presentation at Apple's Worldwide Developers Conference in San Francisco, chief executive Steve Jobs claimed that the browser would run up to twice as fast as Microsoft's Internet Explorer, but did not mention Internet Explorer's security record.
News source: Vnunet
Many people are installing it and using it. They could be affected. Apple needs to take this seriously and correct it. No big deal, really, as all software goes through this process.
But calling something "beta" when it is released to the public (and announced with no small degree of fanfare, I might add) does not excuse it from letting bugs go unfixed, or to justify their existence.
At this point, I would expect a fix to be issued soon. Same as I would expect of Microsoft or a Linux vendor.
This is what neowin says: This is BETA software!, please use caution when installing it on your system
If you're installing it, you should be very aware what problems you could face. You would have to be stupid to install it and not expect problems to occur, this is why it's not forced upon you. Apple are not forcing it upon people to install it, they are simply allowing people at their own will to install it. Anyone who thinks this should be perfect from the ready shouldn't be installing such things.
+1 Agreed
I expect bugs in "beta" software. I don't expect software widely released with such fanfare to be "beta"; that is just using the term as an excuse or cover.
I expect software to be released to the public like this to have been "tested [...] against a standard browser security testing tool", as per what the discoverer claimed to have done. A standard tool. I expect this sort of basic quality control of a product before announcing a public release. This would have identified the security problem to Apple before they released this "beta" to the world.
That said, the problem is out. The only thing left is to expect Apple to fix it quickly.
What "fanfare"? It was featured at a developers convention almost as a footnote. The fact that tech sites like this picked up on it is hardly a reflection of the general population of the internet. Most people online don't even know what a web browser is, or that there are different ones, they just know that they click on a certain icon to get to their web pages.
it's on the freakin BBC
Despite anyone's opinion on this issue up to now, the only thing to do is wait for Apple to fix this in a timely manner.
And how many people who aren't already interested in Apple (or found out about the browser from some other source) would be looking at Apple's main page just for the hell of it? Yes, some news outlets have talked about it, but I wouldn't exactly call that "fanfare" since it more than likely wasn't Apple who submitted that news to them.
ONE MORE THING IS NEVER A FOOTNOTE.
A secret beta like this is perfectly OK to release without performing testing with what is claimed to be an industry standard browser security testing tool (which would have revealed this buffer overflow issue).
It's all good.
Beta means close enough to exactly the following
"Software that is very close to a final version but still has a number of known issues, this is "usually" released to a limited number of normal users to see if there are any unknown issues that appear on certain machines or with certain configurations, remembering almost every single PC in the world is different, either software or hardware wise, there are not a lot of machines that are completely identical, which means no company can possibly test every single scenario, this is why beta tests are used."
basically it is development companies saving money by getting the public to test their software for them
Beta being beta i would assume they will fix any bugs found especially critical ones (which this issue may not even be, it appears from the article he only thinks there might be an issue) as that is the purpose of beta releases. hey hasn't gmail been in beta for like its whole life.
people that install beta software do so at their own risk and i actually would have expected apple to mention such on their download site, Microsoft puts disclaimers all over their beta apps saying this app should not be installed in a production environment.
Last edited by whocares78 on 13 Jun 2007 - 06:23
and the whole world watches the BBC, i never even heard of it until i read this article, and i don't generally go looking on apple's site so it ain't that big and the fact i work for a development company and not one single person in the office had heard of this before i told them says it really ain't that big a deal.
Last edited by whocares78 on 13 Jun 2007 - 06:24
IT'S BETA. you aren't a programmer are you?
is claimed to be an industry standard (i am glad you put claimed), "did someone tell apple it was industry standard" no hacking tool is industry standard, there are so many different tools that do the same thing, apple may have tried one tool that didn't find it, you never know.
i hate apple but u can't put the blame on them once again BETA, i don't install software that says beta, if i want my computer to keep working.
But still it's Beta. Small program and we still have to wait 4 months while they finish it. Everything is okay, just make it really good.
Certainly not at the user's expense, but, hopefully they respond quickly to such matters once it goes out of beta.
So...why didn't Apple do this before releasing this to the public?
i think he meant welcome to the world of windows, where people actually do try and find security holes in your software because it's installed on more than 5 computers LMAO
Apple does need to get a grip on the security today. No computer is 100% safe out on the internet, and Mac OS X has its own vulnerabilities. Also, their Quicktime is quite often exploited.
But I did happen to like Safari. Much more polished than its predecessor.
There is a little thing called the iPhone being released soon. Its user base will more than likely also include Windows users. Safari et al. will be needed for integration and synchronization.
the first thing to happen when i install the thing, it crashes Firefox (i still can't figure out how).
and this thing is a typical apple application: rather than using the existing framework, they try to re-invent the wheel. as soon as the thing opens, it prompts me for my domain password (i tested this on a pc on work). every other browser on the planet "just works" with domain authentication, apple brings their keychain madness with them.
they also brought along their own font smoothing engine. everybody else can use cleartype and dodge the overhead, but not Apple.
sheets? i hope this is a place holder for an actual dialog. if i wanted swishing dialogs, i'd stick to the mac (where i don't even use Safari anyway).
Safari on Windows is pretty much that, Safari on Windows. a straight-up port, right down to the Mac OS technologies they felt we needed (Windows is keyboard accessible by design; we didn't need you to not make your app. conform and then pretend to offer me the ability to tab between links and fields).
take this one off the website, Apple. this one just ain't ready for primetime.
Well, despite Apple giving away the development tools, Microsoft still can't seem to get their act together with Office or Messenger, not to mention the fact that they abandoned IE and Media Player.
and MS don't give away theirs ???
that is just a stupid comment.
It even crashes on Apple's SUPPORT page!
Good start Apple! (y)
Naah... I uninstalled it.
You're either being blinded by your bias or you have no comprehension on the hacked uxtheme file and its lack of effects on an install. The problems being exhibited are not caused by a hacked uxtheme. Hacking the uxtheme ONLY removes a security check, nothing more.
it doesn't look like a hacked copy to me, it's vista by the looks of it, i bet it just doesn't work on vista (not much does)
there have been some stupid comments but yours definitely takes the cake!!!!
how is that comment stupid. is it that it doesn't look like a hacked copy (i was being sarcastic, i.e how the hell does the guy know it's a hacked copy just by looking at a screen shot) is it the not much works on vista thing, cause i don't know if you've tried but not much does
If I remove my lucida grande font, I get the empty menu which appears in the above screenshot. If I use the version of lucida grande that I had previously, the font looks Russian however. If I remove lucida grande and hope that Safari installs it, well, it doesn't seem to.
It's an odd one...
You would have to be stupid to install it and not expect problems to occur, this is why it's not forced upon you. Apple are not forcing it upon people to install it, they are simply allowing people at their own will to install it. Anyone who thinks this should be perfect from the ready shouldn't be installing such things.
Well then, maybe Apple should remove it from its front page. I don't see any indication from Apple on their site that states that this "public beta" may cause problems. In fact, it pretty much says the opposite.
Now we'll get some real insight (although limited) into just how more "secure" Apple's software is than Microsoft's.
Simply put, it's not. :-)
a) Yet another browser for Windows. Yay.
b) Yet another awesome Apple software port to Windows. Y'know, like iTunes, Quicktime...people just can't get enough of those.