Apple Safari for Windows Exploit

Congratulations to Apple for releasing a browser for Windows. If it is as bad as their iTunes for Windows product, it probably will make little or no progress into a new user base. However, it does give their existing users more options, which is still a good thing. Er, sort of a good thing, according to Apple Product Security:

A command injection vulnerability exists in the Windows version of Safari 3 Public Beta. By enticing a user to visit a maliciously crafted web page, an attacker can trigger the issue which may lead to arbitrary code execution.

[…]

An out-of-bounds memory read issue in Safari 3 Public Beta for Windows may lead to an unexpected application termination or arbitrary code execution when visiting a malicious website.

[…]

A race condition in Safari 3 Public Beta for Windows may allow cross site scripting. Visiting a maliciously crafted web page may allow access to JavaScript objects or the execution of arbitrary JavaScript in the context of another web page.

The message from Apple points out that none of this has anything to do with OS X. Apple Product Security also emphasizes how much they look forward to hearing from the public about products that they release with flaws:

As with all our products, we encourage security researchers to report issues to product-security@apple.com.

It would be funny if the product security notes included a phrase like “Patch available…or click here for help on how to migrate from Windows”. That would be so Microsoft-like of them.
