Apple releases Safari 3.0.1 Public Beta for Windows with numerous security improvements

Apple has released Safari 3.0.1 Public Beta for Windows XP and Vista, which includes numerous security improvements that, Apple notes, do not affect Safari 3 Public Beta for Mac OS X.

Safari 3.0.1 Public Beta for Windows addresses the following issues in Safari 3 Public Beta for Windows:

CVE-ID: CVE-2007-3186
Impact: Visiting a malicious website may lead to arbitrary code execution.
Description: A command injection vulnerability exists in the Windows version of Safari 3 Public Beta. By enticing a user to visit a maliciously crafted web page, an attacker can trigger the issue which may lead to arbitrary code execution. This update addresses the issue by performing additional processing and validation of URLs. This does not pose a security issue on Mac OS X systems, but could lead to an unexpected termination of the Safari browser.

CVE-ID: CVE-2007-3185
Impact: Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution.
Description: An out-of-bounds memory read issue in Safari 3 Public Beta for Windows may lead to an unexpected application termination or arbitrary code execution when visiting a malicious website. This issue does not affect Mac OS X systems.

CVE-ID: CVE-2007-2391
Impact: Visiting a malicious website may allow cross-site scripting.
Description: A race condition in Safari 3 Public Beta for Windows may allow cross-site scripting. Visiting a maliciously crafted web page may allow access to JavaScript objects or the execution of arbitrary JavaScript in the context of another web page. This issue does not affect Mac OS X systems.

The update is available via the “Apple Software Update” application, which is installed with the most recent version of QuickTime or iTunes on Windows.

MacDailyNews Take: That was about as fast as, oh, say, putting a cigarette out in someone’s eye and certainly more productive.

58 Comments

  1. Hey, hey, now the silly uninformed conspiracy folks can come out and say that Apple released Safari 3 on purpose to show that the Mac OS is more secure than Windows.

  2. Stupid move. Apple should have done more testing. Now thousands of Windows users are pissing and moaning about how lousy Safari is, after using it before this release. I know, I know, it’s a beta release. Tell that to the media.

  3. Ok, to ANYONE who is bashing Apple for releasing an application with “bugs” or “security issues”, etc. – SHUT THE PIE HOLE! Do you know the meaning of the word BETA???? One of the purposes of releasing a program in beta to the public is TO FIND ADDITIONAL PROBLEMS – IE BUGS AND SECURITY PROBLEMS, only then can the company (Apple) make the necessary changes! Apple does not have the experience in releasing Windows apps like many other companies, and therefore, this is probably the best way for their staff to find the remaining problems and get them corrected before releasing a GM of the app. Good God people, you think a beta application shouldn’t have any problems to it!

  4. Can I say Safari 3 works perfectly on my system, but then I was smart enough to buy a Macintosh.

    And – to those Windows users who are whinging – a) remember what the Vista beta was like and b) it’s a fscking beta. Microsoft were responsible for the rise in popularity of public beta programmes back when they pre-launched Win95 (a whole operating system – although that’s using the term loosely) and got a couple of million people to help them debug it – don’t whine if Apple now uses the same approach for a browser.

  5. @iprodreviews

    In response to this, Apple tested the speed of Safari independent of the internet, in other words raw compiling and load speeds. You can’t perform a speed test using live data from the internet because there are too many variables. You are relying on the speed of the servers from the hosted site, you are relying on the packet data delivery, and you are relying on your connection as well.

    Speed has to be determined with all of those variables removed, otherwise the test is useless. Apple understood this and that is how they tested Safari’s speed.

  6. Let’s see M$ or even Firefox fix vulnerabilities in less than 3 days! They never get security updates out even close to this fast. Anyone that is bitching about this Safari beta for Windows is nothing more than a M$ fanboi anyway…

  7. @ iprodreviews.blogspot.com:

    The tester used a website that Safari is known to have issues with. Even if that wasn’t the case, they only used one website to test, which is statistically worthless, unless you only use one website. The tester really should test it on several websites using different technologies (such as JavaScript, CSS, AJAX, large nested tables, etc.) and see who comes out ahead on all of them.

  8. The turnaround speed was interesting. What this means is a TON of advertising for Apple. Even if bad, everyone was hearing about Safari for Windows. Apple shows that it is lightning quick to fix wrongs showing just how responsive it is to its customers.

    All good…….brilliant!

  9. Funny how Windows folks of all people could scream about a couple of security holes right after a beta was released. I suspect that if this was from Redmond, they’d be lined up to sing Steve Ballmer’s praises, and encouraging people to have patience and give this a chance. They’re the same people who are willing to wait until MS posts its SP1 patch to Vista before they make a final judgment.

    Apple could, and should, have done better in releasing this, though. Apple is the Avis of the pc world, it has to work harder and be better than the market leader. Hopefully this will patch the holes and encourage people to try the browser.

  10. “Now thousands of Windows users are pissing and moaning about how lousy Safari is, after using it before this release. “

    aside from ‘Mac at home windows at work’ and a few really diehard nerds, how many windows users do you really think have even HEARD about it yet? 12? 15?

    this won’t be anything important to the windows world until it starts getting downloaded by millions of iPhone users in a few weeks. as long as it is ready by then…….

  11. Same application, different platforms. I can’t imagine a better comparison of the inherent security of both platforms. Probably a better test than iTunes because the internet is the security metric these days. The development fork didn’t hurt iTunes, let’s hope it’s the same for Safari.

    Long live Unix and Apple’s ability to let most users not care what it is.

  12. Anyone notice that Safari for Windows does not follow the Windows OS look and feel and guidelines at all? Look at the way notification boxes slide out of the menu bar, the way fonts are rendered, clicking and dragging images from a web page to a desktop, preference panes, etc…. Compare this with iTunes for Windows which does follow the Windows UI more closely, where for example the preferences are divided into tabs (typical Windows style). It’s like instead of just porting Safari to Windows, they have created a Mac “layer” on top of Windows. It’s weird.

  13. While I see both sides of this argument, Apple almost always has the high ground on quality and stability of its software, particularly compared to M$. Most of the time, if not always, an Apple “beta” exceeds M$’s released software in quality.

    Apple released a bad, bad first beta, there’s no getting around it here. In this one instance, Apple blew it.

  14. You have to wonder if this was intentional… I mean, an update fixing vulnerabilities just 2 days after a software release makes Apple “look good” for being responsive while at the same time it really points out the flaws of the Windows platform… Hmm.

  15. Considering that this Safari product is actually the latest product to be ported from OSX. Chances are, it is using the same framework that iTunes is using, but it is a much more feature-filled framework.
