Security flaw hits Safari (Windows) only hours after release
Posted by Daniel Fleshbourne on 12 June 2007 - 13:41 · 66 comments & 12169 views
About the Author
Full name: Daniel Fleshbourne
Forum name: Daniel
Contact: via forum PM
Submissions: Normal · Headline
Full name: Daniel Fleshbourne
Forum name: Daniel
Contact: via forum PM
Submissions: Normal · Headline
Slashdot It!
Submit to reddit
Submit to blinklist
Bookmark on del.icio.us
Add to furl
Share on Facebook
Add to Windows Live
Add to Google- Advertisement
-
-
(16 replies)
#1 Posted by Xero on 12 Jun 2007 - 13:42
- Heh, I guess Apple didn't test it enough. Now that they are becoming a Windows software developer they are going to have to deal with all the issues that come with Windows users/systems. Ah well.
-
#1.1 Posted by +saxondale. on 12 Jun 2007 - 13:44
- Beta.
-
#1.2 Posted by
markjensen on 12 Jun 2007 - 14:02
- Quote - (saxondale. said @ #1.1)Beta.Which means what, exactly?
Many people are installing it and using it. They could be affected. Apple needs to take this seriously and correct. No big deal, really, as all software goes through this process.
But calling something "beta" when it is released to the public (and announced with no small degree of fanfare, I might add) does not excuse it from letting bugs go unfixed, or to justify their existence.
At this point, I would expect a fix to be issued soon. Same as I would expect of Microsoft or a Linux vendor. -
#1.3 Posted by +saxondale. on 12 Jun 2007 - 14:11
- Quote - (markjensen said @ #1.2)Quote - (saxondale. said @ #1.1)Beta.Which means what, exactly?
Many people are installing it and using it. They could be affected. Apple needs to take this seriously and correct. No big deal, really, as all software goes through this process.
But calling something "beta" when it is released to the public (and announced with no small degree of fanfare, I might add) does not excuse it from letting bugs go unfixed, or to justify their existence.
At this point, I would expect a fix to be issued soon. Same as I would expect of Microsoft or a Linux vendor.
This is what neowin says: This is BETA software!, please use caution when installing it on your system
If you're installing it, you should be very aware what problems you could face. You would have to be stupid to install it and not expect problems to occur, this is why its not forced upon you. Apple are not forcing it upon people to install it, they are simply allowing people at their own will to install it. Anyone who thinks this should be perfect from the ready shouldnt be installing such things. -
#1.4 Posted by bobbba on 12 Jun 2007 - 14:35
- Quote - (saxondale. said @ #1.3)Quote - (markjensen said @ #1.2)Quote - (saxondale. said @ #1.1)Beta.Which means what, exactly?
Many people are installing it and using it. They could be affected. Apple needs to take this seriously and correct. No big deal, really, as all software goes through this process.
But calling something "beta" when it is released to the public (and announced with no small degree of fanfare, I might add) does not excuse it from letting bugs go unfixed, or to justify their existence.
At this point, I would expect a fix to be issued soon. Same as I would expect of Microsoft or a Linux vendor.
This is what neowin says: This is BETA software!, please use caution when installing it on your system
If you're installing it, you should be very aware what problems you could face. You would have to be stupid to install it and not expect problems to occur, this is why its not forced upon you. Apple are not forcing it upon people to install it, they are simply allowing people at their own will to install it. Anyone who thinks this should be perfect from the ready shouldnt be installing such things.
+1 Agreed
-
#1.5 Posted by Julius Caro on 12 Jun 2007 - 14:36
- That's what neowin says. On the apple page it says you're downloading the fastest and better performing browser on earth.
-
#1.6 Posted by markjensen on 12 Jun 2007 - 14:41
- I guess you mis-understand what my point is. Or I have not made myself clear enough.
I expect bugs in "beta" software. I don't expect software widely released with such fanfare to be "beta"; that is just using the term as an excuse or cover.
I expect software to be released to the public like this to have been "tested [...] against a standard browser security testing tool", as per what the discoverer claimed to have done. A standard tool. I expect this sort of basic quality control of a product before announcing a public release. This would have identified the security problem to Apple before they released this "beta" to the world.
That said, the problem is out. The only thing left is to expect Apple to fix it quickly.Quote - saxondale. said...Two things. First, I am glad I do not fall under your definition of "stupid", as I haven't installed it. No interest in it, as this time. Second, there is a difference between "problems" and "security flaws that are readily identified with standard tools".
If you're installing it, you should be very aware what problems you could face. You would have to be stupid to install it and not expect problems to occur, this is why its not forced upon you. Apple are not forcing it upon people to install it, they are simply allowing people at their own will to install it. Anyone who thinks this should be perfect from the ready shouldnt be installing such things. -
#1.7 Posted by roadwarrior on 12 Jun 2007 - 15:30
- Quote - (markjensen said @ #1.6)I guess you mis-understand what my point is. Or I have not made myself clear enough.
I expect bugs in "beta" software. I don't expect software widely released with such fanfare to be "beta"; that is just using the term as an excuse or cover.
What "fanfare"? It was featured at a developers convention almost as a footnote. The fact that tech sites like this picked up on it is hardly a reflection of the general population of the internet. Most people online don't even know what a web browser is, or that there are different ones, they just know that they click on a certain icon to get to their web pages. -
#1.8 Posted by rob.derosa on 12 Jun 2007 - 15:41
- Quote - (roadwarrior said @ #1.7)Quote - (markjensen said @ #1.6)I guess you mis-understand what my point is. Or I have not made myself clear enough.
I expect bugs in "beta" software. I don't expect software widely released with such fanfare to be "beta"; that is just using the term as an excuse or cover.
What "fanfare"? It was featured at a developers convention almost as a footnote. The fact that tech sites like this picked up on it is hardly a reflection of the general population of the internet. Most people online don't even know what a web browser is, or that there are different ones, they just know that they click on a certain icon to get to their web pages.
its on the freakin BBC
-
#1.9 Posted by markjensen on 12 Jun 2007 - 16:14
- Quote - (roadwarrior said @ #1.7)What "fanfare"? It was featured at a developers convention almost as a footnote. The fact that tech sites like this picked up on it is hardly a reflection of the general population of the internet. Most people online don't even know what a web browser is, or that there are different ones, they just know that they click on a certain icon to get to their web pages.Even my wife heard this, and she isn't an Apple person, nor a geek like me (and most of Neowin, I imagine).
Despite anyone's opinion on this issue up to now, the only thing to do is wait for Apple to fix this in a timely manner. -
#1.10 Posted by markjensen on 12 Jun 2007 - 16:58
- Quote - (rob.derosa said @ #1.
its on the freakin BBCAnd a big, fat link right on Apple's main page. -
#1.11 Posted by roadwarrior on 12 Jun 2007 - 17:15
- Quote - (markjensen said @ #1.10)Quote - (rob.derosa said @ #1.its on the freakin BBCAnd a big, fat link right on Apple's main page.
And how many people who aren't already interested in Apple (or found out about the browser from some other source) would be looking at Apple's main page just for the hell of it? Yes, some news outlets have talked about it, but I wouldn't exactly call that "fanfare" since it more than likely wasn't Apple who submitted that news to them. -
#1.12 Posted by PureLegend on 12 Jun 2007 - 17:25
- Quote - (roadwarrior said @ #1.7)What "fanfare"? It was featured at a developers convention almost as a footnote.
ONE MORE THING IS NEVER A FOOTNOTE. -
#1.13 Posted by markjensen on 12 Jun 2007 - 17:41
- Quote - (roadwarrior said @ #1.11)And how many people who aren't already interested in Apple (or found out about the browser from some other source) would be looking at Apple's main page just for the hell of it? Yes, some news outlets have talked about it, but I wouldn't exactly call that "fanfare" since it more than likely wasn't Apple who submitted that news to them.Oh, my bad, then.
A secret beta like this is perfectly OK to release without performing testing with what is claimed to be an industry standard browser security testing tool (which would have revealed this buffer overflow issue).
It's all good. -
#1.14 Posted by whocares78 on 13 Jun 2007 - 05:52
- Quote - (markjensen said @ #1.2)Quote - (saxondale. said @ #1.1)Beta.Which means what, exactly?
Many people are installing it and using it. They could be affected. Apple needs to take this seriously and correct. No big deal, really, as all software goes through this process.
But calling something "beta" when it is released to the public (and announced with no small degree of fanfare, I might add) does not excuse it from letting bugs go unfixed, or to justify their existence.
At this point, I would expect a fix to be issued soon. Same as I would expect of Microsoft or a Linux vendor.
Beta means close enough to exactly the following
"Software that is very close to a final version but still has a number of knownw issues, this is "usually" released to a limited number of normal users to see if there are any unknown issues that appear on certain machines or with certian configurations, remembering almost every single PC in the world is different, either software or hardware wise, there are not a lot of machines that are completely identical, whcih means no company can possibly test every single scenario, this is why beat tests are used.
basically it is development companies saving money by gettign the public to test their software for them
Beta being beta i would assume they will fix any bugs found especially critical ones(whcih this issue may not even be, it appears from the articel he only thinks there might be an issue) as that is the purpose of beta releases. hey hasn't gmail been in beta for like it's whole life.
people that install beta software do so at their own risk and i actually woudl have expected apple to mention such on their download site, Microsoft puts discalimers all over their beta apps saying this app should bnot be installed in a production environent.
Last edited by whocares78 on 13 Jun 2007 - 06:23 -
#1.15 Posted by whocares78 on 13 Jun 2007 - 05:55
- Quote - (rob.derosa said @ #1.Quote - (roadwarrior said @ #1.7)Quote - (markjensen said @ #1.6)I guess you mis-understand what my point is. Or I have not made myself clear enough.
I expect bugs in "beta" software. I don't expect software widely released with such fanfare to be "beta"; that is just using the term as an excuse or cover.
What "fanfare"? It was featured at a developers convention almost as a footnote. The fact that tech sites like this picked up on it is hardly a reflection of the general population of the internet. Most people online don't even know what a web browser is, or that there are different ones, they just know that they click on a certain icon to get to their web pages.
its on the freakin BBC
and the whole world watches the BBC, i never even heeard of it until i read this artcle, and i don't generally go looking on apples site so it aint that big and the fact i work for a development company adn not one single person in the office had heard of this before i told them says it really aint that big a deal.
Last edited by whocares78 on 13 Jun 2007 - 06:24 -
#1.16 Posted by whocares78 on 13 Jun 2007 - 06:00
- Quote - (markjensen said @ #1.13)Quote - (roadwarrior said @ #1.11)And how many people who aren't already interested in Apple (or found out about the browser from some other source) would be looking at Apple's main page just for the hell of it? Yes, some news outlets have talked about it, but I wouldn't exactly call that "fanfare" since it more than likely wasn't Apple who submitted that news to them.Oh, my bad, then.
A secret beta like this is perfectly OK to release without performing testing with what is claimed to be an industry standard browser security testing tool (which would have revealed this buffer overflow issue).
It's all good.
IT'S BETA. you arent a programeer are you?
is claimed to be an industry standard (i am glad you put claimed), "did someoen tell apple it was industry standard" no hacking tool is industray standard, there are so many different tools that do the same thing, apople may have tried on e tool that didn't find it, you never know.
i hate apple but u can't put the blame on them once again BETA, i don't install softweare that says beta, if i want my computer to keep working.
-
#2 Posted by david13lt on 12 Jun 2007 - 13:48
- It's really has plenty of bugs, in there past 24 hours I had all kind of bugs with Safari Beta on Windows.
But still it's Beta. Small program and we still have to wait 4 months while they finish it. Everything is okay, just make it really good.
-
#3 Posted by XerXis on 12 Jun 2007 - 13:49
- beta or not, security is not something you add, it has to be there by design. partly because of disciplined programmers using safe functions or checking for buffer overflows and partly because of a well laid out design fase in which as many possible security risks are evalued
-
(1 reply)
#4 Posted by +DomZ on 12 Jun 2007 - 13:57
- They probably rushed the beta out because they wanted to release it for WWDC
-
#5 Posted by Ritsuke on 12 Jun 2007 - 14:06
- I honestly think Apple (and any company, for that matter) needs all the security experience it can get. I'm sure Safari on Windows will give them more than plenty.
Certainly not at the user's expense, but, hopefully they respond quickly to such matters once it goes out of beta.
-
(1 reply)
#6 Posted by 4tehlulz on 12 Jun 2007 - 14:10
- Quote -Raff tested the application against a standard browser security testing tool.
So...why didn't Apple do this before releasing this to the public? -
#6.1 Posted by whocares78 on 13 Jun 2007 - 06:02
- maybe noone told them it was a "standard tool" i want to know what toold they used, i ididn't know there was a standard tool to check this.
-
(2 replies)
#7 Posted by +tunafish on 12 Jun 2007 - 14:12
- lol lol lol welcome to the world of windows apple
-
#7.1 Posted by +Lt-DavidW on 12 Jun 2007 - 15:11
- The flaw is in Safari, not in Windows. Apple software is buggy, oh yes, but their bugs are only revealed when Apple actually steps it's foot into a large user base, such as that which is Windows. There are simply more users to find the bugs in the first place.
-
#7.2 Posted by whocares78 on 13 Jun 2007 - 06:03
- Quote - (Lt-DavidW said @ #7.1)The flaw is in Safari, not in Windows. Apple software is buggy, oh yes, but their bugs are only revealed when Apple actually steps it's foot into a large user base, such as that which is Windows. There are simply more users to find the bugs in the first place.
i think he menat welcome to the world of windows, where people actually do try and find seurity holes in your software because it's instaled on more than 5 computers LMAO
-
(1 reply)
#8 Posted by Marshalus on 12 Jun 2007 - 14:15
- I used Safari for about 5 minutes, didn't like it, installed it. I don't know what system they benchmarked it on but it was not faster then IE7 or Firefox.
-
(1 reply)
#9 Posted by solgae on 12 Jun 2007 - 14:22
- I'm plenty surprised enough that Apple even bothered releasing Safari for Windows.
Apple does need to get a grip on the security today. No computer is 100% safe out on the internet, and Mac OS X has its own vulnerabilities. Also, their Quicktime is quite often exploited.
But I did happen to like Safari. Much more polished than its predecessor. -
#9.1 Posted by whocares78 on 13 Jun 2007 - 06:04
- oh yeah that one bug in quicktime
-
#10 Posted by lawtai on 12 Jun 2007 - 14:23
- heh i wonder how safari will do security wise in the long run compared to IE.
-
#11 Posted by So-Unreal on 12 Jun 2007 - 15:09
- Safari why do we need another web browser? Is Safari even good on the MAC? I tried on a mac for like 2-4 hours and was not happy with it and installed Firefox.
-
#12 Posted by +Lt-DavidW on 12 Jun 2007 - 15:13
- Sa-fari, so good.
-
(3 replies)
#13 Posted by ThaCrip on 12 Jun 2007 - 15:14
- what i dont get is WHY apply is making a webbrowser for windows? ... Firefox/Opera pretty much cover all people need in terms of alternatives.
-
#13.1 Posted by +rm20010 on 12 Jun 2007 - 15:48
- Testing purposes. No need to buy Macs for testing their sites in Safari, or illegally hacking OS X to run on non-Apple machines or in virtual machine environments.
-
#13.2 Posted by RootWind on 12 Jun 2007 - 16:26
- To expand Safari's presence (with web dev), since the iPhone uses Safari.
-
#13.3 Posted by lbmouse on 12 Jun 2007 - 18:53
- Quote - (ThaCrip said @ #14)what i dont get is WHY apply is making a webbrowser for windows? ... Firefox/Opera pretty much cover all people need in terms of alternatives.
There is a little thing called the iPhone being released soon. It's user base will more than likely also include Windows users. Safari et al. will be needed for integration and synchronization.
-
(1 reply)
#14 Posted by -Hiroshi- on 12 Jun 2007 - 15:31
- ....Safari on Windows?! -goes to Apple.com- what the crap.. How did I let THAT ONE slip by me..
-
#14.1 Posted by whocares78 on 13 Jun 2007 - 06:06
- especially seeing all the "fanfare" people on this list arew goign on about
-
(1 reply)
#15 Posted by -Hiroshi- on 12 Jun 2007 - 15:40
- eh, trying it... Hopefully this security thing wont hit me in the butt, but seriously, this is pretty nice..o_O
-
#15.1 Posted by rob.derosa on 12 Jun 2007 - 15:48
- when is anyone affected by these bugs haha
-
(2 replies)
#16 Posted by ellianth on 12 Jun 2007 - 15:52
- All you people who are defending apple should write Steve a(nother) thank you letter. Hopefully he'll find time to read yours. But don't get your hopes up, he has 'tens of dozens', of thank you letters to read from his iTunes fan base.
-
#16.1 Posted by ikyouCrow on 12 Jun 2007 - 16:23
- thank you letter? more like hate mail!
the first thing to happen when i install the thing, it crashes Firefox (i still can't figure out how).
and this thing is a typical apple application: rather than using the existing framework, they try to re-invent the wheel. as soon as the thing opens, it prompts me for my domain password (i tested this on a pc on work). every other browser on the planet "just works" with domain authentication, apple brings their keychain madness with them.
they also brought along their own font smoothing engine. everybody else can use cleartype and dodge the overhead, but not Apple.
sheets? i hope this is a place holder for an actual dialog. if i wanted swishing dialogs, i'd stick to the mac (where i don't even use Safari anyway).
Safari on Windows is pretty much that, Safari on Windows. a straight-up port, right down to the Mac OS technologies they felt we needed (Windows is keyboard accessible by design; we didn't need you to not make your app. conform and then pretend to offer me the ability to tab between links and fields).
take this one off the website, Apple. this one just ain't ready for primetime. -
#16.2 Posted by +Ned on 12 Jun 2007 - 21:24
- I had no issues using Firefox when I installed it. It does, however, install Quicktime right along with it. I wasn't able to get Quicktime to start up after I installed the beta. They may want to look into that. Nothing Apple makes conforms to windows look and feel.
-
(3 replies)
#17 Posted by +Ji@nBing on 12 Jun 2007 - 16:29
- I don't expect it to be any good. I mean, iTunes and Quicktime for Windows are nothing short of horrific. Safari will be the same. Apple can make great software on their own little enclosed platform (and really, who couldn't?), but as soon as they get out of that and have to deal with more variables, thier software goes to complete crap.
-
#17.1 Posted by roadwarrior on 12 Jun 2007 - 17:21
- Quote -Apple can make great software on their own little enclosed platform (and really, who couldn't?)
Well, despite Apple giving away the development tools, Microsoft still can't seem to get their act together with Office or Messenger, not to mention the fact that they abandoned IE and Media Player. -
#17.2 Posted by whocares78 on 13 Jun 2007 - 06:09
- Quote - (roadwarrior said @ #17.1)Quote -Apple can make great software on their own little enclosed platform (and really, who couldn't?)
Well, despite Apple giving away the development tools, Microsoft still can't seem to get their act together with Office or Messenger, not to mention the fact that they abandoned IE and Media Player.
and MS don't give away theirs ???
that is just a stupid comment. -
#17.3 Posted by whocares78 on 13 Jun 2007 - 06:10
- agreed
-
#18 Posted by digitalmorphine on 12 Jun 2007 - 16:34
- For me it's crashing on almost every site.
It even crashes on Apple's SUPPORT page!
-
(7 replies)
#19 Posted by rbet on 12 Jun 2007 - 16:47
- Look at my screenshot of my first run of Safari! Notice the absence of any text; also the addressbars and search bars are not clickable! BWHHAHAHAHHAHAHHA!
Good start Apple! (y) -
#19.1 Posted by solgae on 12 Jun 2007 - 16:59
- I'd try reverting your theme back to default and see what happens....
-
#19.2 Posted by rbet on 12 Jun 2007 - 17:19
- Quote - (solgae said @ #21.1)I'd try reverting your theme back to default and see what happens....
Naah... I uninstalled it. -
#19.3 Posted by roadwarrior on 12 Jun 2007 - 17:23
- You try running a beta browser on a hacked copy of Windows, and you don't expect odd behavior and blame the browser? That's just plain stupid, end of story.
-
#19.4 Posted by bangbang023 on 13 Jun 2007 - 03:21
- Quote - (roadwarrior said @ #19.3)You try running a beta browser on a hacked copy of Windows, and you don't expect odd behavior and blame the browser? That's just plain stupid, end of story.
You're either being blinded by your bias or you have no comprehension on the hacked uxtheme file and it's lack of effects on an install. The problems being exhibited are not caused by a hacked uxtheme. Hacking the uxtheme ONLY removes a security check, nothing more. -
#19.5 Posted by whocares78 on 13 Jun 2007 - 06:12
- Quote - (roadwarrior said @ #19.3)You try running a beta browser on a hacked copy of Windows, and you don't expect odd behavior and blame the browser? That's just plain stupid, end of story.
it doesn't llook like a hacked copy to me, it's vista by the looks of it, i bet it just doens't work on vista (not much does) -
#19.6 Posted by offroadaaron on 13 Jun 2007 - 07:28
- Quote - (whocares78 said @ #19.5)Quote - (roadwarrior said @ #19.3)You try running a beta browser on a hacked copy of Windows, and you don't expect odd behavior and blame the browser? That's just plain stupid, end of story.
it doesn't llook like a hacked copy to me, it's vista by the looks of it, i bet it just doens't work on vista (not much does)
there have been some stupid comments but your definitely takes the cake!!!! -
#19.7 Posted by whocares78 on 14 Jun 2007 - 08:20
- Quote - (offroadaaron said @ #19.6)Quote - (whocares78 said @ #19.5)Quote - (roadwarrior said @ #19.3)You try running a beta browser on a hacked copy of Windows, and you don't expect odd behavior and blame the browser? That's just plain stupid, end of story.
it doesn't llook like a hacked copy to me, it's vista by the looks of it, i bet it just doens't work on vista (not much does)
there have been some stupid comments but your definitely takes the cake!!!!
how is that comment stupid. is it that it doesn't look like a hacked copy (i was being sarcastic, i.e how the hell does the guy know it's a hacked copy just by looking at a screen shot) is it the not much works on vista thing, cause i don't know if youve tried but not much does or was it the looks liek vista bit, well it does a bit
-
#20 Posted by SniperX on 12 Jun 2007 - 17:26
- It has nothing to do with a Windows theme, that's for certain. I've been playing with this bug all morning and my gut tells me that it's related to the lucida grande font version on the user's computer.
If I remove my lucida grande font, I get the empty menu which appears in the above screenshot. If I use the version of lucida grande that I had previously, the font looks Russian however. If I remove lucida grande and hope that Safari installs it, well, it doesn't seem to.
It's an odd one...
-
(2 replies)
#21 Posted by RAID 0 on 12 Jun 2007 - 19:20
- It wouldn't surprise me if this was done on purpose to show "how crappy Windows is". "Hey guys look! Come to OS X!" Maybe that's just me who thinks it was done deliberately.
-
#21.1 Posted by bbfc_uk on 12 Jun 2007 - 19:41
- I can see them making a new 'PC vs. Mac' ad for this.
-
#23 Posted by bibutteryboy on 12 Jun 2007 - 21:57
- Quote -This is what neowin says: This is BETA software!, please use caution when installing it on your system
You would have to be stupid to install it and not expect problems to occur, this is why its not forced upon you. Apple are not forcing it upon people to install it, they are simply allowing people at their own will to install it. Anyone who thinks this should be perfect from the ready shouldnt be installing such things.
Well then, maybe Apple should remove it from it's front page. I don't see any indication from Apple on thier site that states that this "public beta" may cause problems. In fact, it pretty much says the opposite.
-
#24 Posted by NS70 on 13 Jun 2007 - 00:07
- The security of Apple's software is no more or less secure than Microsoft's software.
Now we'll get some real insight (although limited) into just how more "secure" Apple's software is than Microsoft's.
Simply put, it's not. :-)
Apple unveiled a beta of a Windows version of its Safari web browser on Monday. The final product is scheduled for release in October. In a keynote presentation at Apple's Worldwide Developers Conference in San Francisco, chief executive Steve Jobs claimed that the browser would run up to twice as fast as Microsoft's Internet Explorer, but did not mention Internet Explorer's security record.