News

Researchers: Safari for Windows Very Buggy

The biggest news Apple Inc. made yesterday at the opening of its Worldwide Developers Conference was its announcement that it had ported its Safari Web browser to Windows. CEO Steve Jobs called the beta of Safari 3 "the most innovative browser in the world, and the fastest browser on Windows." He could have added "the most insecure browser on Windows" to that list of superlatives.

In what must be a delicious irony for Microsoft, security researchers have found a host of bugs in the Safari beta within hours of downloading the bits. Apple touts the security of its products, and disparages the alleged insecurity of Microsoft products, every chance it gets.

David Maynor, a researcher for Errata Security, stated on the company's blog yesterday that he had already discovered 6 bugs in the beta product, including four denial of service bugs and two remote execution vulnerabilities. "Not bad for an afternoon of idle fuzzing," Maynor wrote. Errata is a security consulting and product testing product company.

Maynor said the bugs he found are also present in the latest, shipping version of Safari, which is version 2.0.4. Maynor also said well-known security researcher Thor Larholm, who's discovered many vulnerabilities in Microsoft's own Internet Explorer browser, has also found bugs in the Safari for Windows beta. Larholm's website was unavailable as this story was being written, but he did chime in on the Errata blog on how lax he believes Apple was in the testing phase. "Seeing as this is fuzzing it should be relatively simple for others to discover on their own, which makes you wonder why Apple never bothered to do so," Larholm wrote.

Researcher Aviv Raff also weighed in. Soon after downloading the Safari beta, he ran a program he developed, called Hamachi, that looks for browser vulnerabilities. "So, I've decided to take it for a test drive, and ran Hamachi," he wrote. "I wasn't surprised to get a nice crash few minutes later".

Raff also noted how, in its marketing materials, Apple said its engineers designed Safari to be safe "from day one." Raff wrote, "Again, this is just a beta version. But, don't you hate those pathetic claims?"

Jobs mentioned that Safari currently has less than 5 percent of the browser market, which is still dominated by IE (about 78 percent) and Mozilla's Firefox, with about 14.5 percent. Jobs said that Safari's market share was unlikely to grow much unless Apple made it available to the Windows world.

About the Author

Keith Ward is the editor in chief of Virtualization & Cloud Review. Follow him on Twitter @VirtReviewKeith.

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.

Most   Popular