Security flaw hits Safari on Windows

Powered by SC Magazine
 

GLOBAL - Security researcher Aviv Raff claims to have found the first security vulnerability in Apple's Safari browser on Windows only hours after the software was released.

Raff tested the application against a standard browser security testing tool.

"A first glance at the debugger showed me that this memory corruption might be exploitable. Although I'll have to dig more to be sure of that," he wrote on his blog.

Apple unveiled a beta of a Windows version of its Safari web browser on Monday. The final product is scheduled for release in October.

In a keynote presentation at Apple's Worldwide Developers Conference in San Francisco, chief executive Steve Jobs claimed that the browser would run up to twice as fast as Microsoft's Internet Explorer, but did not mention Internet Explorer's security record.

Apple lists the browser's security as one of 12 reasons "why you'll love Safari" and adds that "Apple engineers designed Safari to be secure from day one ".

Raff worked on the "Month of Apple bugs" earlier this year, during which researchers published details on a slew of vulnerabilities in the software.

It was intended to challenge Apple's security record. He took the company's boasting about Safari's security as a personal challenge.

"So I've decided to take it for a test drive and ran Hamachi. I wasn't surprised to get a nice crash few minutes later," he wrote. Hamachi is a tool that tests a browser's integrity.

"Don't you hate those pathetic claims?" he said in the closing of his post in reference to Apple's marketing speak.

Apple did not immediately respond to a request for comment.

Copyright ©v3.co.uk


Security flaw hits Safari on Windows
 
 
 
Top Stories
First look: Microsoft Outlook for iOS
[Update] Office productivity suite for iOS completed with Outlook.
 
NewSat defaults on $26m in overdue Lockheed payments
Jabiru-1 satellite build hits further hurdles.
 
IBM denies plans to cut 112k jobs
But admits to further restructuring.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  36%
 
Your insurance company
  5%
 
A technology company (Google, Facebook et al)
  9%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  4%
 
A Federal Government agency (ATO, Centrelink etc)
  18%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  7%
TOTAL VOTES: 3088

Vote
Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
  27%
 
I DON'T support shutting the OAIC.
  73%
TOTAL VOTES: 983

Vote