After hacker dissection, Safari beta is patched

Slimy   on 14 June 2007 - 22:02 · 41 comments & 15150 views

Three days after releasing Safari 3.0, Apple has issued its first patch of the beta software: Safari 3.0.1, which fixes three flaws in the browser including security vulnerabilities. Although the issues found in the first beta release were surprisingly numerous, security researchers are applauding Apple for pushing out the update so quickly. Apple has often taken weeks or months to release patches and updates in response to vulnerability concerns. This is the first time that Apple has released a version of Safari for the Windows platform. Because it now can be run on a much larger number of systems, the code has been getting more attention from the security community.

News source: InfoWorld

Comments
(3 replies) #1 vetmarkjensen on 14 Jun 2007 - 22:07
In the first FPN article on the discovered Safari flaws, this is exactly what I said that I would expect on this. A patch to be issued. Same as I would have expected of Microsoft or of a Linux vendor.

It doesn't matter if this is "beta" or not. If a security bug is found, it must be fixed. Period.
#1.1 whocares78 on 15 Jun 2007 - 03:07
it entirely matters whether it is beta or not, security issues in beta do not have to be fixed, apple was nice and fixed it, they have to be fixed in the release version i agree, but you once again fail to realise beta is just that beta, it is done so that developers don't have to test every possible scenario themselves, beta is companies getting their users to do testing for them as they can't test all the possible scenarios by themselves.
#1.2 reidtheweed01 on 15 Jun 2007 - 05:48
Quote - (whocares78 said @ #1.1)
it entirely matters whether it is beta or not, security issues in beta do not have to be fixed, apple was nice and fixed it, they have to be fixed in the release version i agree, but you once again fail to realise beta is just that beta, it is done so that developers don't have to test every possible scenario themselves, beta is companies getting their users to do testing for them as they can't test all the possible scenarios by themselves.


No, this is something that needs to be fixed in a beta. It's out there so people can test it, and who the **** would want to even touch it if it's going to screw up their entire computer. I can understand not quickly fixing something that may cause the browser to crash, or how it may render some pages strange, but a security flaw HAS to be fixed, or else there is no point in even having a beta if it's going to put the testers at risk.
#1.3 whocares78 on 15 Jun 2007 - 08:11
Quote - (reidtheweed01 said @ #1.2)
No, this is something that needs to be fixed in a beta. It's out there so people can test it, and who the **** would want to even touch it if it's going to screw up their entire computer. I can understand not quickly fixing something that may cause the browser to crash, or how it may render some pages strange, but a security flaw HAS to be fixed, or else there is no point in even having a beta if it's going to put the testers at risk.


I disagree entirely, you are all totally overreacting, i ask you this, is there any virus, application, anything at all that takes advantage of the vulnerability that was discovered, the answer from what i have seen is no, therefore being beta i expect they would release a new beta or even release version that fixes the majority of issues found in the beta (probably in a couple of weeks) had the issue not been so dramatised, instead they have released a patch which fixes a couple of the issues but still has a high number of other known issues which are to the end user causing more issues, e.g. most users will not care about security, however will care if they can't load their web pages.

i do not see how you can claim "who the **** would want to even touch it if its going to screw up their entire computer" i have seen any evidence of the security issue causing any issues, but if you can point me in the direction of any exploits that use this vulnerability then i agree with you it should be fixed,

People that install beta do so at their own risk, if they don't understand the consequences of beta software they should not install it, and yes i did not see any warnings on the mac website of the sort which i think is a very bad thing, and what caused most of these forums. The fact is beta is beta and most if not all betas are released with known issues, so just by the fact of what beta software represents you are at risk using beta software whether there is a security issue or not

#2 Tech001101 on 14 Jun 2007 - 22:14
great response time Apple.
#3 Lasker on 14 Jun 2007 - 22:37
Thank you Apple. At least they listen
(2 replies) #4 Kushan on 14 Jun 2007 - 22:42
I'm glad Apple is fixing bugs quickly, however that still doesn't excuse the number of fanboys out there who claim that the only reason Safari was bugged in the first place was because windows itself was not secure.

So I think from now on any time some random Mac Zealot (please note I'm only talking about the fanboys, not the average mac user) tries to pull that excuse, I'll tell them that by Apple releasing patches so quickly here and so slowly on the mac just shows how much better windows is for developing stuff :rofl:
#4.1 whocares78 on 15 Jun 2007 - 03:08
LMAO nice answer
#4.2 QuarterSwede on 16 Jun 2007 - 04:33
Not a fanboyism answer but it is interesting that none of those security issues affected the Safari 3 beta on OS X. Sooooo I don't see your point. It just makes Windows look worse and Apple's devs look better.
#5 osirisX on 14 Jun 2007 - 22:43
They seem to be getting quicker with their response times lately. First they patched the Quicktime/Javascript flaw in 10 days and now this.
#6 RealFduch on 14 Jun 2007 - 22:43
They listened...
for the first time. Fire in the hole?
(4 replies) #7 :: Lyon :: on 14 Jun 2007 - 22:44
Does this fix the other issues though? bugs, font rendering, etc.
#7.1 virtorio on 14 Jun 2007 - 22:54
What's wrong with font rendering?
#7.2 vetneufuse on 14 Jun 2007 - 23:05
Quote - (virtorio said @ #7.1)
What's wrong with font rendering?


it looks absolutely horrible! it looks like a blur filter over the text..
#7.3 virtorio on 14 Jun 2007 - 23:20
Quote - (neufuse said @ #7.2)
Quote - (virtorio said @ #7.1)
What's wrong with font rendering?


it looks absolutely horrible! it looks like a blur filter over the text..

You mean this? http://www.joelonsoftware.com/items/2007/06/12.html

They do it differently, doesn't mean it’s wrong. Far as I’m concerned the Apple way looks better. Though they probably should have an option to use the rendering method of the OS.
#7.4 vetDirtyLarry on 15 Jun 2007 - 00:39
Quote - (virtorio said @ #7.3)
Quote - (neufuse said @ #7.2)
Quote - (virtorio said @ #7.1)
What's wrong with font rendering?


it looks absolutely horrible! it looks like a blur filter over the text..

You mean this? http://www.joelonsoftware.com/items/2007/06/12.html

They do it differently, doesn't mean it’s wrong. Far as I’m concerned the Apple way looks better. Though they probably should have an option to use the rendering method of the OS.

Nice link. Being a designer myself I definitely prefer Apple's way, but strangely enough I can see the logic behind both approaches actually.
(2 replies) #8 Lasker on 14 Jun 2007 - 22:45
I hope they fix also the memory leak issue

#8.1 Jugalator on 14 Jun 2007 - 23:18
It doesn't, or the problems int'l users have been having, or the text issues. It fixes a subset of the discovered security holes.
#8.2 Naughty Dog on 15 Jun 2007 - 01:56
Even Firefox doesn't munch up as much RAM on my machine and I have 8 extensions! Firefox uses 75MB and stays there but Safari idled goes to 250MB and above really quick. I have 1.5GB of DDR400 RAM btw for those curious.
#9 *io* on 14 Jun 2007 - 22:48
someone into conspiracy theories may suspect that they released a known buggy browser with a patch waiting in the wings

Seems that people's reception to this could have been predicted...
#10 EduardValencia on 14 Jun 2007 - 23:01
damn it's crippled with bugs, at least they need to fix it, and don't let it crash when i type in google.com :/
#11 RAID 0 on 14 Jun 2007 - 23:15
That was fast. Good to see Apple on top of things.
#12 Jugalator on 14 Jun 2007 - 23:17
The problem is that this update doesn't even fix all by now publicly known security holes.

Hmm, but it's a good start of course.
#13 solardog on 14 Jun 2007 - 23:26
See, now that's impressive.
#14 naap51stang on 14 Jun 2007 - 23:37
Why is there a 30 second delay? I launch Safari, it loads, then down on the bottom bar it says "loading bla bla bla" and sits there for 30-45 seconds before the page loads. Once it loads, then you can refresh and it pops right up. Firefox doesn't do that. I'm just curious. Other than that, I don't see anything wrong with it. The more browsers, the better.
#15 betasp on 14 Jun 2007 - 23:42
Wait, I thought Apple responded with marketing and spin....
#16 wilbert on 15 Jun 2007 - 00:09
Security is one side, the other is usability. Safari is "ok", however IE 7 and Firefox outperform. There is nothing there that makes me want to switch. IE 7 is a good browser.
(2 replies) #17 spikey_richie on 15 Jun 2007 - 00:12
Am I the only user who attempted to use the browser through a proxy? By the way, if I enter my proxy login or even click cancel, the app. crashes.
#17.1 virtorio on 15 Jun 2007 - 00:16
I do but don't have any issues.
#17.2 random_n on 15 Jun 2007 - 01:37
I can't even get the option to add a proxy; it's greyed out. Funny little program...
(1 reply) #18 Markodan on 15 Jun 2007 - 00:53
This is the worst browser ever. It simply does not work. My network uses a proxy so it simply freezes on start. There is no way to enter any details. On another computer I have, it loads but all the menus are blank. What gives? This should not have been released as a beta it is still alpha.
#18.1 EduardValencia on 15 Jun 2007 - 02:01
Agree, it's very bad, tons and tons of bugs, not even worth being a BETA
(1 reply) #19 MGS3-SS on 15 Jun 2007 - 01:01
If it was IE, we would have seen the patch at the end of the 3rd month after the bug was found.
#19.1 wilbert on 15 Jun 2007 - 03:28
Ummm, yea, however Microsoft spends quite a bit of time on QA with all of their fixes because of their install base. This is not to say they could not be a little faster...
(1 reply) #20 ambiance on 15 Jun 2007 - 01:07
#20.1 Lasker on 15 Jun 2007 - 01:10
that video is funny
(2 replies) #21 bibutteryboy on 15 Jun 2007 - 02:05
Quote -
someone into conspiracy theories may suspect that they released a known buggy browser with a patch waiting in the wings


that's what I was thinking
#21.1 wilbert on 15 Jun 2007 - 03:33
That has some merit. Apple releases browser, a major bug is found in 2 days, and then Apple has a fix in less than 24 hours. So, either Apple QA sucks or they knew about it and waited for someone to find it then launched the fix.

I go with the first option. If they knew about the bug they could have just made a new build that day and posted it.
#21.2 rtk on 18 Jun 2007 - 06:12
It was most assuredly fast tracked through QA, doesn't matter because it's a "beta" (Apple's playing a little fast and loose by calling this anything but an alpha build).

But it's not about stability, security or quality at this point. Turning out a new build after three days will rejuvenate the download counts for the news report on its first week of availability.

Form over function, of course.
#22 PatrynXX on 15 Jun 2007 - 02:59
Disliked the study icon claiming among other things that Opera is the worst in javascript. Actually saying Internet Explorer is better. Sorry I use Opera 9.2 quite often and really don't have a problem with javascript. However Opera 9.2 isn't quite ready for Vista yet. That nifty and silly section on mmc that shows on a line graph how reliable Vista is, is being dragged all the way down to 1.23 because of Opera most of the time. It's crashed at least once every day except 2 days since I installed this in early May. But because it usually saves where I was last, it isn't an inconvenient crash. Simply start it back up and I'm back. And although I can use a plugin for mouse gestures in Firefox, that plugin isn't 100% just yet. Opera's is and that's why I use it. Safari is installed, but seems rather pointless. Even having IE on here is pointless because windows update isn't run off the web browser anymore. My roboform works in firefox only. Unless someone has a plugin like roboform, Opera remains the secondary, but more use browser.
#23 Zoide on 15 Jun 2007 - 17:33
Safari installs but does not run if your Windows XP username has international characters in it. For instance, if your username is José, and your application files get stored in C:/Documents and Settings/José, the app doesn't start up.

If I create a username with no accents, however, Safari runs without any issues. This is exactly the type of problem that I had with Democracy Player about a year ago.

What's with this lack of support for users with accented names? Has anyone found a way to get around this bug, other than removing the accents from their name?
