News

Researchers: Safari for Windows Very Buggy

The biggest news Apple Inc. made yesterday at the opening of its Worldwide Developers Conference was its announcement that it had ported its Safari Web browser to Windows. CEO Steve Jobs called the beta of Safari 3 "the most innovative browser in the world, and the fastest browser on Windows." He could have added "the most insecure browser on Windows" to that list of superlatives.

In what must be a delicious irony for Microsoft, security researchers have found a host of bugs in the Safari beta within hours of downloading the bits. Apple touts the security of its products, and disparages the alleged insecurity of Microsoft products, every chance it gets.

David Maynor, a researcher for Errata Security, stated on the company's blog yesterday that he had already discovered 6 bugs in the beta product, including four denial of service bugs and two remote execution vulnerabilities. "Not bad for an afternoon of idle fuzzing," Maynor wrote. Errata is a security consulting and product testing product company.

Maynor said the bugs he found are also present in the latest, shipping version of Safari, which is version 2.0.4. Maynor also said well-known security researcher Thor Larholm, who's discovered many vulnerabilities in Microsoft's own Internet Explorer browser, has also found bugs in the Safari for Windows beta. Larholm's website was unavailable as this story was being written, but he did chime in on the Errata blog on how lax he believes Apple was in the testing phase. "Seeing as this is fuzzing it should be relatively simple for others to discover on their own, which makes you wonder why Apple never bothered to do so," Larholm wrote.

Researcher Aviv Raff also weighed in. Soon after downloading the Safari beta, he ran a program he developed, called Hamachi, that looks for browser vulnerabilities. "So, I've decided to take it for a test drive, and ran Hamachi," he wrote. "I wasn't surprised to get a nice crash few minutes later".

Raff also noted how, in its marketing materials, Apple said its engineers designed Safari to be safe "from day one." Raff wrote, "Again, this is just a beta version. But, don't you hate those pathetic claims?"

Jobs mentioned that Safari currently has less than 5 percent of the browser market, which is still dominated by IE (about 78 percent) and Mozilla's Firefox, with about 14.5 percent. Jobs said that Safari's market share was unlikely to grow much unless Apple made it available to the Windows world.

About the Author

Keith Ward is the editor in chief of Virtualization & Cloud Review. Follow him on Twitter @VirtReviewKeith.

Featured

  • IBM Giving Orgs a Governance Lifeline in Agentic AI Era

    Nearly overnight, organizations are facing brand-new challenges caused by self-directed AI systems (a.k.a. agentic AI). Big Blue is extending them some help.

  • Microsoft Launches Integrated E-mail Security Ecosystem for Defender for Office 365

    Microsoft is expanding its e-mail security capabilities with the launch of a new Integrated Cloud Email Security (ICES) ecosystem for Microsoft Defender for Office 365.

  • Microsoft Joins Workday's AI Agent Partner Network

    Microsoft has become a key partner in Workday's newly launched AI Agent Partner Network, aligning with other industry leaders to integrate AI agents into enterprise workforce systems.

  • LinkedIn CEO Ryan Roslansky To Lead Microsoft's Productivity Initiatives

    In a strategic leadership realignment, Microsoft has appointed LinkedIn CEO Ryan Roslansky to oversee its consumer and small business productivity software division, encompassing Microsoft 365, Teams and AI-driven tools like Copilot.

Most   Popular