NOW READ THIS
("Security Advisory")
| Go Back |
Submitted by: Bill Hickey
NCVA List Master
NRT-0205 Windows Version of SAFARI Browser - Bugs:
Researchers intensively scanning the Mac-turned-Windows browser found as many as 18 problems in its first 48 hours. A beta version of Safari 3.0, Apple's proprietary browser that once ran exclusively on Mac computers, was made available for Windows users Monday, June 11. Early reports popped up within hours of the beta software going live, with security specialists claiming bugs left and right. In the first 24 hours after Microsoft released a beta version of Internet Explorer 7 in February 2006, users also found numerous bugs. But Apple is feeling more backlash from this week's reports, because of the company's long heralded tradition of providing extremely safe software. Prior to releaseing the Windows betsa, Apple claimed "Apple engineers designed SAFARI to be secure from day one."
Three days after releasing SAFARI 3.0, Apple has issued its first patch of the beta software. The 3.0.1 update, released 14JUN07, fixes three flaws in the browser including bugs that were discovered earlier this week. This is the first time that Apple has released a version of SAFARI for the Windows platform. Because it now can be run on a much larger number of systems, the code has been getting more attetnion from the security community.
Some Mac users who have tried the three-day-old SAFARI 3.0 browser beta are mad at Apple because several applications won't work after installing the application. Numerous postings on Apple's user-to-user support forum recounted various misfortunes when they installed the SAFARI preview - or tried to. In all cases, WebKit framework files were corrupted by the failed install. WebKit is the open-source application framework used by SAFARI, Apple's Mail email client, the Adium instant messenger, and other web-centric software. Some users got their machines back in working order by extracting the necessary files from an earlier operating system update, while others sniffed out that the older files were intact, but had been moved on the drive. As users wondered whether SAFARI developers were getting the information they'd posted, at no time did anyone identifying themselves as an Apple representative or employee pipe up on the forum. Nor has Apple posted any documents to its support knowledge base that address this issue or any of the problems Mac users have reported with the beta. Apple did not reply to a request for comment.
It took Apple just two days to reach 1 million downloads of its newest SAFARI web browser for Windows. Apple said that SAFARI performed an iBench HTML performance suite test twice as fast as Microsoft's Internet Explorer -- 2.2 seconds to IE's 4.6 seconds. The Apple-built browser turned in similar performance on iBench's Javascript test, completing the suite in less than a second compared to IE's 2.4 second time. Analysts believe Apple's decision to move SAFARI onto the Windows platform was driven by a desire to improve the broser's market share and to introduce Windows developers to the technology so they could write applications for the iPhone.
(Macworld 14JUN07; ComputerWorld 14JUN07; IDG News Service 14JUN07; Tgdaily.com 13JUN07)