Two of the repaired flaws could allow an attacker to take over control of a system. A third one exposes the user to a cross-site-scripting vulnerability that could lead to disclosure of confidential information.
It took security researchers only hours to find the first security holes after Apple released a beta of the browser on Monday. Researchers have reported a combined seven security vulnerabilities.
One of the repaired vulnerabilities was discovered Thor Larholm, although Apple didn't credit the researcher.
"Given that Apple has had a lousy track record with security on OS X, in addition to a hostile attitude towards security researchers, a lot of people are expecting to see quite a number of vulnerabilities targeted towards this new Windows browser," he wrote when he disclosed his vulnerability in a blog posting on Tuesday.
In another posting on Thursday, he charged that the update is still ignoring several weak spots in the browser that will allow him to crack the browser's security again with a few tweaks to his original exploit.
Safari 3 is currently in beta. It is therefore unlikely that people are using the software as their primary browser, limiting the risk that attackers will target the vulnerabilities.
Breaking with the way the company traditionally discloses security flaws, Apple didn't post details of the update on its security updates site but only disclosed them in an email to a mailing list.
Apple is breaking with common procedures in other areas too. The update to the application is listed as version 3.01, but it's common to change version numbers of software when it's in a testing phase.
Apple plugs some Windows Safari security holes
By
Tom Sanders
on
Jun 15, 2007 10:19AM

GLOBAL - Apple has released an update to the beta of its Safari 3 browser for Windows that repairs three vulnerabilities.
Got a news tip for our journalists? Share it with us anonymously here.
Sponsored Whitepapers
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future

Video: Watch Juniper talk about its Aston Martin partnership