Apple's Safari for Windows hit by bugs

• Tags:
• Flaws,
• Beta,
• Las Vegas,
• Airport

David Meyer ZDNet.co.uk

Published: 12 Jun 2007 13:01 BST

• 
• 
• 
• 
• 

The first bugs have already been found in the beta version of Safari for Windows, a port of Apple's web browser, less than a day after its release.

Apple's chief executive, Steve Jobs, announced the beta release during his keynote speech at the company's Worldwide Developers Conference on Monday.

David Maynor — one of the researchers who controversially claimed to have found security flaws in Apple's AirPort Wi-Fi driver last year — wrote in his blog on Monday that "an afternoon of idle fuzzing [testing software by throwing random data at its inputs]" by him and other testers had thrown up six denial-of-service (DoS) bugs and two remote execution flaws.

Maynor, who works for consultancy Errata Security, added that, in line with his company's disclosure policy, he would not report the bugs to Apple. This stance prompted one reader of his blog to comment: "If you actually desire to be professional, then either shut your damned trap entirely or report the issues the way a professional security researcher would report them... for the betterment of all good folks and not just you." Maynor responded by questioning what he termed "the value in reporting vulnerabilities to an organisation that treats them as marketing fodder and requires press to fix anything serious in a timely fashion".

In August 2006, Maynor and his colleague Jon Ellch used a Black Hat security event in Las Vegas to demonstrate a successful hack on an Apple MacBook. Although Apple claimed that the research was no evidence of a MacBook vulnerability, the company released three security patches for AirPort just over a month later.

Apple could not be reached for comment at the time of writing.

• 
• 
• 
• 

• Share this article:
• Digg
• Slashdot
• Del.ici.ous
• Stumble
• Reddit

• Most Recent
• Most Popular
• Most Discussed