With Windows port, a bug-hunting Safari for Apple

Security researchers have found as many as 18 bugs in Safari 3.0, just one day after its release.

Security researchers have jumped on Apple Inc.'s beta version of the Safari browser, digging up as many as 18 bugs in the software, just one day after its release.

Researchers Aviv Raff, David Maynor and Thor Larholm all reported flaws in the browser shortly after it was made available on Monday. Maynor alone said he'd discovered six bugs, including two that could be used to run unauthorized software on a victim's PC.

Safari 3.0 is getting more attention because, for the first time, Apple has made a Windows version of the software available. Now the software can be downloaded by a much larger group of testers.

Another researcher, Tom Ferris, said his vulnerability-testing "fuzzer" software turned up 10 flaws in the browser in just five minutes.

He had harsh words for Apple's security team. "That's horrible, and just goes to show that they took no initiative to fuzz their own software," he said Tuesday in an e-mail interview.

Apple itself had little to say about all of the bug-finding. "We take security very seriously and we're investigating these reports," an Apple spokesman told IDG News Service before declining to comment further.

Although Safari 3.0 is beta code, and expected to include bugs, Ferris said that Apple's team should have tested it more carefully before making it available to such a large group of testers. "In order to have a useful beta test of a Web browser people need to use it in the real world, which is ultimately exposing them to malware," he said.

Ferris and other researchers were also eager to deflate Apple's claim that, "Apple engineers designed Safari to be secure from day one," a statement that Raff called "pathetic."

The Safari vulnerabilities were widely reported Tuesday on blogs and technology news, but according to Matthew Baker, too much was made of the issue. "Reporting as news that a beta program has bugs... seems like reporting that there's rain in Seattle," he wrote via e-mail.

"The beta version is being held to the standard that a Gold Master copy should," said Baker, a Mac user who works as a customer service representative with First Utah Bank in Salt Lake City Utah. "It just seems to me that some people... feel some sort of pleasure in reporting issues with Apple's software."
