Major player on the software scene announces a “newer, faster, better, more secure” piece of software… that turns out to be phenomenally insecure. But this time, it’s not Bill Gates.
Apple unveiled Safari 3 for the Mac and Windows platforms Monday at the Worldwide Developers Conference promising faster speeds than Microsoft’s dominant Internet Explorer. Apple lovers can now take their longing for a Mac-like experience to the average PC. But researchers said that the security vulnerabilities they found in the browser indicated that serious flaws lay behind the chic façade of Apple’s Safari.
Maynor wrote that he found “a total of six bugs in an afternoon, four DoS and two remote code execution bugs.”
*heh* Poison-laced eye candy.
“These are popping out like hotcakes,” researcher David Maynor wrote on the Errata Security blog, referring to the alleged bugs. “Not bad for an afternoon of idle futzing.”
Maynor suggested that “the exploit is robust mostly thanks to the lack of any kind of [advanced] security features in [Apple] OSX. The bugs I discovered work on the currently shipping Safari browser on OSX and can be made uber reliable due to the lack of OSX security features,” he wrote.