Security researchers have jumped on Apple's beta version of the Safari browser, digging up as many as 18 bugs in the software, just one day after its release.
Researchers Aviv Raff, David Maynor, and Thor Larholm all reported flaws in the browser shortly after it was made available on Monday. Maynor alone said he'd discovered six bugs, including two that could be used to run unauthorized software on a victim's PC.
Safari 3.0 is getting more attention because, for the first time, Apple has made a Windows version of the software available. Now the software can be downloaded by a much larger group of testers.
Another researcher, Tom Ferris, said his vulnerability testing "fuzzer" software turned up 10 flaws in the browser in just five minutes.
He had harsh words for Apple's security team. "That's horrible, and just goes to show that they took no initiative to fuzz their own software," he said Tuesday.
Apple itself had little to say about all of the bug-finding. "We take security very seriously, and we're investigating these reports," an Apple spokesman told IDG News Service before declining to comment further.
Although Safari 3.0 is beta code and expected to include bugs, Ferris said that Apple's team should have tested it more carefully before making it available to such a large group of testers. "In order to have a useful beta test of a Web browser, people need to use it in the real world, which is ultimately exposing them to malware," he said.
Ferris and other researchers were also eager to deflate Apple's claim that "Apple engineers designed Safari to be secure from day one," a statement that Raff called "pathetic."
The Safari vulnerabilities were widely reported Tuesday on blogs and technology news, but according to Matthew Baker, too much was made of the issue. "Reporting as news that a beta program has bugs ... seems like reporting that there's rain in Seattle," he said.
"The beta version is being held to the standard that a Gold Master copy should," said Baker, a Mac user who works as a customer service representative with First Utah Bank in Salt Lake City, Utah. "It just seems to me that some people ... feel some sort of pleasure in reporting issues with Apple's software."
