Apple releases Safari 3.0.1 Public Beta for Windows with numerous security improvements

Apple has released Safari 3.0.1 Public Beta for Windows XP and Vista which includes numerous security improvements which Apple notes do not affect Safari 3 Public Beta for Mac OS X.

Safari 3.0.1 Public Beta for Windows addresses the following issues in Safari 3 Public Beta for Windows:

CVE-ID: CVE-2007-3186
Impact: Visiting a malicious website may lead to arbitrary code execution.
Description: A command injection vulnerability exists in the Windows version of Safari 3 Public Beta. By enticing a user to visit a maliciously crafted web page, an attacker can trigger the issue which may lead to arbitrary code execution. This update addresses the issue by performing additional processing and validation of URLs. This does not pose a security issue on Mac OS X systems, but could lead to an unexpected termination of the Safari browser.

CVE-ID: CVE-2007-3185
Impact: Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution.
Description: An out-of-bounds memory read issue in Safari 3 Public Beta for Windows may lead to an unexpected application termination or arbitrary code execution when visiting a malicious website. This issue does not affect Mac OS X systems.

CVE-ID: CVE-2007-2391
Impact: Visiting a malicious website may allow cross-site scripting.
Description: A race condition in Safari 3 Public Beta for Windows may allow cross site scripting. Visiting a maliciously crafted web page may allow access to JavaScript objects or the execution of arbitrary JavaScript in the context of another web page. This issue does not affect Mac OS X systems.

The update is available via the “Apple Software Update” application, which is installed with the most recent version of QuickTime or iTunes on Windows.

MacDailyNews Take: That was about as fast as, oh, say, putting a cigarette out in someone’s eye and certainly more productive.

58 Comments

  1. Hey, hey, now the silly un-informed conspiracy folks can come out and say that Apple release Safari 3 on purpose to show that the Mac OS is more secure than Windows.
    ” width=”19″ height=”19″ alt=”smile” style=”border:0;” />

  2. Stupid move. Apple should have done more testing. Now thousands of Windows users are pissing and moaning about how lousy Safari is, after using it before this release. I know, I know, it’s a beta release. Tell that to the media.

  3. Ok, to ANYONE who is bashing Apple for releasing an application with “bugs” or “security issues”, etc. – SHUT THE PIE HOLE! Do you know the meaning of the word BETA???? One of the purposes of releasing a program in beta to the public is TO FIND ADDITIONAL PROBLEMS – IE BUGS AND SECURITY PROBLEMS, only then can the company (Apple) make the necessary changes! Apple does not have the experience in releasing Windows apps like many other companies, and therefore, this is probably the best way for their staff to find the remaining problems and get them corrected before releasing a GM of the app. Good God people, you think a beta application shouldn’t have any problems to it!

  4. Can I say Safari 3 works perfectly on my system, but then I was smart enough to buy a Macintosh.

    And – to those Windows users who are whinging – a) remember what the Vista beta was like and b) it’s a fscking beta. Microsoft were responsible for the rise in popularity of public beta programmes back when they pre-launched Win95 (a whole operating system – although that’s using the term loosely) and got a couple of million people to help them debug it – don’t whine if Apple now uses the same approach for a browser.

  5. @iprodreviews

    In response to this, Apple tested the speed of Safari independent of the internet, in otherwords raw compiling and load speeds. You can’t perform a speed test using live data from the internet because there are too many variables. You are relying on the speed of the servers from the hosted site, you are relying on the packet data delivery, and you are relying on your connection as well.

    Speed has to be determined with all of those variables removed, otherwise the test is useless. Apple understood this and that is how they tested Safari’s speed.

  6. Let’s see M$ or even Firefox fix vulnerabilities in less than 3 days! They never get security updates out even close to this fast. Anyone that is bitching about this Safari beta for Windows is nothing more than a M$ fanboi anyway…

  7. @ iprodreviews.blogspot.com:

    The tester used a website that Safari is known to have issues with. Even if that wasn’t the case, they only used one website to test, which is statistically worthless, unless you only use one website. The tester really should test it on several websites using different technologies (such as JavaScript, CSS, AJAX, larged nested tables, etc.) and see who comes out ahead on all of them.

  8. The turnaround speed was interesting. What this means is a TON of advertizing for Apple. Even if bad, everyone was hearing about Safari for Windows. Apple shows that it is lightening quick to fix wrongs showing just how responsive it is to its customers.

    All good…….brilliant!

  9. Funny how Windows folks of all people could scream about a couple of security holes right after a beta was released. I suspect that if this was from Redmond, they’d be lined up to sing Steve Ballmer’s praises, and encouraging people to have patience and give this a chance. They’re the same people who are willing to wait until MS posts its SP1 patch to Vista before they make a final judgment.

    Apple could, and should, have done better in releasing this, though. Apple is the Avis of the pc world, it has to work harder and be better than the market leader. Hopefully this will patch the holes and encourage people to try the browser.

  10. “Now thousands of Windows users are pissing and moaning about how lousy Safari is, after using it before this release. “

    aside from ‘Mac at home windows at work’ and a few really diehard nerds, how many windows users do you really think have even HEARD about it yet? 12? 15?

    this won’t be anything important to the windows world until it starts getting downloaded by millions of iPhone users in a few weeks. as long as it is ready by then…….

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.