digg

Facebook Connect Join Digg About

Apple updates Windows Safari to Version 3.01 fix some of the security bugs

apple.com The update is available in their software update program on windows/mac. Maybe they should update their site to say "Our engineers have make safari to be secure from day 4 ;)

Who dugg this? Made popular Jun 14, 2007

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

208 Comments

show profanity settings
expand all
  • jonnyeh, on 10/11/2007, -25/+146Bugs in a beta? I'm sure they were shocked!
  • MacParrot, on 10/11/2007, -7/+74Isn't everyone a little tired of the "fanboys" tag given to anyone with a different point of view?

    Look, Apple released a public beta for Safari on Windows. The first release had big problems, they fixed some (I'm sure there will be others) and released patches.

    If you're interested, download the new version, try it, and report issues. Like responsible adults or is that too much to ask for here?
  • tadunne, on 10/11/2007, -1/+61I have notification because I'm signed up to the Apple security mailing list. Things get posted their quicker than the site.

    Here's the list of bugs fixed.

    APPLE-SA-2007-06-14 Safari Beta 3.0.1 for Windows

    The Safari 3 Public Beta was released on June 11 for Mac OS X and
    Windows XP/Vista. This beta software is for trial purposes and
    intended to gather feedback prior to a full release. As with all our
    products, we encourage security researchers to report issues to
    product-security@apple.com.

    Safari 3.0.1 Public Beta for Windows is now available and addresses
    the following issues in Safari 3 Public Beta:

    CVE-ID: CVE-2007-3186
    Available for: Windows XP or Vista
    Impact: Visiting a malicious website may lead to arbitrary code
    execution
    Description: A command injection vulnerability exists in the Windows
    version of Safari 3 Public Beta. By enticing a user to visit a
    maliciously crafted web page, an attacker can trigger the issue which
    may lead to arbitrary code execution. This update addresses the
    issue by performing additional processing and validation of URLs.
    This does not pose a security issue on Mac OS X systems, but could
    lead to an unexpected termination of the Safari browser.

    CVE-ID: CVE-2007-3185
    Available for: Windows XP or Vista
    Impact: Visiting a malicious website may lead to an unexpected
    application termination or arbitrary code execution
    Description: An out-of-bounds memory read issue in Safari 3 Public
    Beta for Windows may lead to an unexpected application termination or
    arbitrary code execution when visiting a malicious website. This
    issue does not affect Mac OS X systems.

    CVE-ID: CVE-2007-2391
    Available for: Windows XP or Vista
    Impact: Visiting a malicious website may allow cross-site scripting
    Description: A race condition in Safari 3 Public Beta for Windows
    may allow cross site scripting. Visiting a maliciously crafted web
    page may allow access to JavaScript objects or the execution of
    arbitrary JavaScript in the context of another web page. This issue
    does not affect Mac OS X systems.



  • troydoogle7, on 10/11/2007, -6/+58There is no changelog anywhere... nice work on patching security bugs so quickly.... i think the ..... must have hit the fan at the apple headquarters when the bugs started coming out so quickly....
  • zavigny, on 10/11/2007, -4/+49"Our engineers have make safari to be secure from day 4 ;)

    Will they release a patch for your grammar soon also?
  • inactive, on 10/11/2007, -44/+83The internet pretty much raped them a new ***** for once again acting very smug and toting their product as 'the best, most secure' browser when in fact it was not, regardless of its version state (alpha, beta, whatever).
  • malimu, on 10/11/2007, -11/+44Bravo to Apple for fixing these bugs so quickly. I've never used Safari on the Mac, but so far I'm impressed with the Windows version. I can't wait to see what the final release of this browser is like.
  • sykkn, on 10/11/2007, -9/+41"To all the fanboys crying about how betas are supposed to behave this poorly:"

    Betas are not "supposed" to behave poorly, but you should use them knowing that they have the "potential" to.
  • zerostar1979, on 10/11/2007, -14/+43Wow that was quick! No where is my Vista SP1?????
  • lunarworks, on 10/11/2007, -13/+41ilyag: "The Firefox 3 ALPHA is far more stable than Safari 3 BETA. And when I say "far more stable", I mean FAR MORE STABLE."

    Firefox 3 has a long and stable Windows history to build on. You'd expect them to be pretty far along. Safari is brand-new to Windows.
  • inactive, on 10/11/2007, -15/+38I don't use IE but I know better than to believe someone when they say their software is flawless, secure, and 'the best' - especially when its coming from the mouth of the person that will reap all the revenue from market overhype anyway.
  • tadunne, on 10/11/2007, -15/+38Interesting how quickly the fact that there was bugs got the the front page. No one seems interested that they was potentially fixed?
  • Karyyk, on 10/11/2007, -2/+24I'd prefer Service Pack 3 for XP...
  • Red_Eye, on 10/11/2007, -15/+37Actually its likely all part of the game plan. Think about it. Whats the reason everyone says there are few mac security exploits?

    Market Share.

    How do you fix that? Why release the browser on the highest market share platform. Then watch the attacks commence, and fix the problems on your core platform before they are discovered there.

    Granted not all the code is the same, but some of it is.
  • danielandrews, on 10/11/2007, -2/+23"If you're interested, download the new version, try it, and report issues. Like responsible adults or is that too much to ask for here?"

    You must be new here ;)
  • Fly1m1, on 10/11/2007, -11/+31No waiting till the second Tuesday of the month with Apple.
  • sid0, on 10/11/2007, -1/+20@Hortnon: OF COURSE Windows Vista SP1 is coming.

    http://www.windows-now.com/blogs/robert/archive/2007/06/06/another-microsoft-open-secret-exposed-windows-vista-sp1-exists.aspx
  • pkulak, on 10/11/2007, -4/+23Try loading a Digg page with 400+ comments in Safari and Firefox. I was pleasantly surprised with Win Safari.
  • anonym41414, on 10/11/2007, -8/+25"Release the browser on the highest market share platform. Then watch the attacks commence, and fix the problems on your core platform before they are discovered there."

    So you're saying Apple wants to fight them over there so they don't have to fight them at home?

    Ya, gr8 plan, d00d.
  • meechwings, on 10/11/2007, -9/+26To everyone saying that "it's only beta software":
    Yes, it's understandable that beta software is going to have a bug, or two, or six. What some of us take issue with is the fact that Apple is claiming that Safari "has been built to be secure from day 1." From these numerous reports, it clearly is not secure.

    Go ahead, claim that it is fast (though some beta testers report even that's not true) and lightweight. But don't claim something that you can't back up, especially when you've made so much fun of the competition for having insecure software.
  • inactive, on 10/11/2007, -19/+35Ok, so they release a beta and patch some bugs a few days later. How is this a failure? How is it anything but the complete norm for any software company?

    You know what's funny? Watching people waiting for Apple to fail only to see them succeed again and again and again...
  • hanief84, on 10/11/2007, -4/+19PROS
    - The speed baby, the speed is awesome
    - The built-in RSS is nice as well
    - CTRL+F (Search) is cooler than the Firefox. The UI is so killing man!
    - I can resize all the text areas
    - Some UI transitions are looking damn cool!
    - The UI is great, esp. the fonts, text area, scrollbars, radio buttons, check boxes and javascript effects are awesome!
    - No buggy password manager (to me, this is great!)
    - You have an option to make a Private Browsing (the Safari won't record the history nor track you)
    - It has the "copy address" button in the download manager (that's cool!)
    - It has the Activity window. It tells you about the browser's activity

    CONS
    - It's still in Beta (testing version)
    - You need to find the Home button (click View > Customize Toolbar). To throw the buttons just drag it out of the toolbar. You will hear the sound "Woof!"
    - No spell checker
    - WYSIWUG & BBCODE editor not doing very well
    - No plugins for Alexa and Pagerank thing.
    - Forum shortcut keys are not working on this Safari 3 Beta (e.g Alt+S)
    - Left button click on Youtube embedded video won't be opened in the new tab
    - It will stay unhide even if you press Windows key+M to hide everything/show the desktop
    - Missing some words that we've typed (OMG!)
    - You can't sort out the History by Last Visit, Date, Alphanumerically
    - No thumbnail view like IE7 feature
    - No middle button scroll (wheel click scroll)
    - No tabs locker like Opera
    - No F6 shortcut to make the i-beam go straight to address box like Firefox
    - Unable to minimize by double-clicking the Safari taskbar
    - Unable to search (CTRL+F) in a text box
    - Embedded YouTube video player slider is kinda tricky to control. The volume slider as well
    - No auto suggest (according to Google), if you type a single word in the address box. It will go for .com (e.g if you type pisang, it will go for pisang.com
    - Weird http://imageshack.us/ Choose file button alignment.
    - No quit confirmation (e.g Are sure you wanna quit?)
    - Bookmarks cannot be 'middle-clicked'
    - You cannot see the fluid-web flow like the water when you resize the Safari window
    - No fullscreen mode. Press F11, nothing there.
    - Scrolling become so rough when you importing a video in Windows movie maker
    - No tabs recovery feature in case you have any sudden crash
  • pheen, on 10/11/2007, -2/+16No, they released Safari for Windows so developers had something to use to code for the iPhone.
  • robdazomba, on 10/11/2007, -20/+34> To all the fanboys crying about how betas are supposed to behave this poorly:

    Shut up, please. Seriously. I'm a Windows user and it's amazing how quickly the Apple-haters out here get on their MS apologist rant when much of this can be laid at the feet of the OS--and you and I both know it. So just stop. This is essentially the same code running on Windows (Safari is primarily an open source framework with Apple's GUI on top) and yet, the Mac version doesn't have these problems. Hmm... what do you think that might mean? Same code, different OS, and yet only one OS is having the security issues. Odd, huh?

    I have used Windows for 15+ years and what I've learned in that time is that more often than not, it's Windows that's the root cause of security issues. The developer of the applications having problems often have to put in their own hacks and crutches to get things to work properly. Let's stop dumping on Apple for having the same problem that pretty much every Windows developer (including Microsoft) has. It's ridiculous.
  • Chewie67, on 10/11/2007, -11/+24"There is no need for one."

    Jesus, you really drank the Kool-Aid, didn't you?

    XP is 5 years old, and still needs another Service Pack. You think Vista is 100% perfect?

    You are P. T. Barnum's wet dream!
  • MacParrot, on 10/11/2007, -3/+15"His point was that Apple's OS only has to run on one hardware configuration.... Apples."

    And that's their business model and has been (except for the clones in the 90s) since day one. Complaining about it is a waste of time. So far, mass marketing OS X for every processor and motherboard combination isn't what they want to do.

    You see there's this thing called "Choice". You don't have to buy Apple computers. You don't have to use Apple software on Windows. QuickTime, iTunes, and (eventually, though obviously not now) Safari seems to work for a lot of people without problems. Just as Windows works for a lot of people without problems. Your results may vary. Whining about how YOU don't like them is as pointless as the Apple fanboys so many of you are up in arms about saying stupid crap about Microsoft.

    When REAL problems are found, then yes, complaints should be made and Apple as the responsible party should correct them. Just like any other software.

    I said this in an earlier post about Safari. Apple made a serious mistake in forcing Windows users to adopt standard Apple practices with its software. Standard Windows interface guidelines were ignored. That was wrong on Apple's part. Software made for Windows (especially web browsers) need to have some common guidelines which Apple did not use. If they want Safari to be more widely accepted outside of OS X, those changes need to be made.

    It is possible even for long-time Mac users to be critical of Apple. If you want Digg to be a better place, stop assuming that your choices are best for everyone.
  • MacParrot, on 10/11/2007, -4/+16"And still, none of us Windows fans will use it."

    What? A grammar patch
  • lordtyros, on 10/11/2007, -19/+30Last time I checked, Quicktime, iTunes, and Safari for Windows were cumbersome, crash-prone, memory-hogging messes.
  • meatmcguffin, on 10/11/2007, -2/+12Apple make iTunes for Windows which people agree are bloated and slow

    MS made Windows Media Player, IE and Office for the Mac which people agree are bloated and slow

    They just can't code for each other's sytems :)
  • MacParrot, on 10/11/2007, -0/+10You were going to gauge whether or not to buy a Mac on a beta web browser for another OS? Yes, I'm sure you had credit card in hand until Safari for Windows was released.
  • Jomo, on 10/11/2007, -0/+9His point was that Apple's OS only has to run on one hardware configuration.... Apples.
  • tacoburger, on 10/11/2007, -1/+10Just to clarify, there appears to be no update for 3.0 Mac. The description above seems to imply that there is (although the title only mentions Windows).
  • rblinne, on 10/11/2007, -6/+15The proxy is set by setting the proxies for IE.
  • lordtyros, on 10/11/2007, -0/+8Best hardware available? Unfortunately for you, some of us know enough about hardware to realize that there are better possible combinations of hardware for different users.
  • MacParrot, on 10/11/2007, -17/+25With QuickTime, iTunes, and now Safari for Windows, Apple IS releasing software to a wider range of hardware. What was your point again?
  • djpants428, on 10/11/2007, -8/+16@macparrot:

    Definitely sick of hearing "fanboys" used constantly, but "fanbois" is much worse.. I usually stop reading a comment if someone uses the term "fanboi"
  • rmitchell, on 10/11/2007, -7/+15I'm admittedly a huge apple fan but I use windows every single day. I won't be switching Safari for a long time even though it does load pages a bit faster because Firefox is overall the best browser out there, windows or mac.

    @quite a few of you: How about constructing a logical and well thought out representation of your thoughts?
    @the rest: thank you for the intellect in your posts
  • Trancer, on 10/11/2007, -3/+10Security issues on Apple Safari for Windows v3.0.1:
    http://www.rec-sec.co.il/2007/06/12/apple-safari-for-windows-vulnerabilities/
  • Essington, on 10/11/2007, -4/+11@ ilyag
    It isn't that no one at apple has ever heard of proxies, it is that they did the sane thing and placed the proxy configuration at the network level, so when you configure your network adapter, you also configure any proxies required. That way, it is unnecessary for every network application to implement the same functionality.
  • MattInChicago, on 10/11/2007, -3/+10Just my opinion...

    - I don't like the non-windows look.
    - I love the way web pages look some cal this "blurry" but it looks like a printed page to me.
    - I haven't had a crash yet! Based upon what I read here I must be the exception (Running XP).
    - Speed is really good! Not sure if it's a few seconds or what...don't really care.

    Anyway... competition is good and i really don't get this "fanboy" stuff or why other Windows users aren't happy to see Apple do something to shake things up. What's the issue with that?

  • robdazomba, on 10/11/2007, -18/+25Oh yes, please start burying my previous comment.

    Here's an example of what I'm talking about. Let's say the Mac version of Safari calls some string-manipulation functions in the API. OS X's string functions could be pretty solid and secure. When Apple ports Safari, they call the equivalent functions on Windows. If the Windows functions are buggy and allow for, say, buffer overflow exploits or whatnot, you have the same code being insecure on one platform and yet not on another. A developer can (and will) go in and patch that up by writing their own string functions to safeguard against the issue.

    But yeah, go ahead and ignore the reality of it. And when you're done here, I hear Mr. Gate would like his shoes shined, so get on that ASAP.
  • Insurgo, on 10/11/2007, -0/+7As a Windows and Web developer, I'm very happy that Safari has been released for Windows. Now whenever I'm working on the look&feel of a website, I don't have to bug one of my Mac using friends to check the page out in Safari.

    I'm personally a fan of the Opera browser, but now being able to have IE, FF, Safari, and Opera all on the same machine makes my life a whole lot easier.
  • sid0, on 10/11/2007, -3/+9@Hortnon: I do. Right now it's the only OS on my computer. Been so for 4 months.
  • Giga, on 10/11/2007, -0/+6"Definitely sick of hearing "fanboys" used constantly, but "fanbois" is much worse.. I usually stop reading a comment if someone uses the term "fanboi""

    You are lucky I got to the end of your comment with all the fanboy/fanboi instances...
  • jackmaninov, on 10/11/2007, -1/+7The real shortcut to get straight to the address box is CTRL-L. This works in IE, Firefox and Safari (and I think Opera too IIRC)
  • inactive, on 10/11/2007, -0/+6Maxthon isn't a wrapper of anything. It's a stand-alone browser that uses both the Trident and Gecko rendering engines to display web pages. It also probably has more users worldwide than Safari, especially when you take China into account.
  • thailand1972, on 10/11/2007, -1/+7"His point was that Apple's OS only has to run on one hardware configuration.... Apples."

    Wow....an OS powered by apple juice!
  • Insurgo, on 10/11/2007, -2/+8Why did I get dugg down for requesting a link to the patch?
  • seasleepy, on 10/11/2007, -1/+7@pheen (#7185103): I don't doubt that the iPhone announcement was a big factor in their deciding to release it for Windows, but I'm not really getting where the whole "It's only for developers, duh" is coming from.

    Everything I've seen about it so far doesn't indicate that it's aimed just for developers. The actual "Safari for Windows" announcement was prefaced by talk of wanting to increase Safari's market share, and followed by talk about how fast it is and how it's the best, most secure browser out there, and talk of how iTunes gets twice as many downloads a day as Firefox, and so on. The apple.com/safari site has only a small "Web Developers" button at the bottom of the page, and nothing else on that page is aimed at developers. It says "public beta" but there's nothing indicating that it's not for the average user (and a lot indicating that it is).
  • Fetching more discussions...
    Show 51 - 100 of 218 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.