Safari 3 Beta Released on Windows
So as everyone knows Apple has released Safari 3 beta for OS X and Windows, and security researchers are already dropping flaws on it. I believe Apple has just caused the price of Safari 0day to increase about 1000% by releasing it on Windows.
So I had fuzzed Safari 3 beta last night and within the first five minutes I had found ten flaws, most of which were within the SVG parsing engine. I was going to release them last night, but I figured it is still in beta and I would rather save them for when Leopard is released. I figure why keep giving Apple all the free security QA in the first place. Either way, Apple should not be shipping an extremely vulnerable beta out to the public.
It will be interesting to see if Apple responds to all of the security bug reports.
If you want to see Safari 3 beta crash, see the old advisory link below:
Apple OS X WebKit WebCore::ArrayImpl “ROWSPAN” DoS
A little bit about everything » Blog Archive » With Windows port, a bug-hunting Safari for Apple Said,
June 12, 2007 @ 6:07 pm
[…] researcher, Tom Ferris, said his vulnerability testing “fuzzer” software turned up 10 flaws in the browser in […]
PCNiche » With Windows port, a bug-hunting Safari for Apple Said,
June 12, 2007 @ 6:40 pm
[…] researcher, Tom Ferris, said his vulnerability testing “fuzzer” software turned up 10 flaws in the browser in […]
Lars Pallesen Said,
June 12, 2007 @ 6:41 pm
What an interesting take on this. “I won’t share my knowledge of bugs in the beta Windows version of Safari with the Apple software engineers because …” well, because why exactly?
To annoy Apple Corp. or just to annoy the millions of Windows-users who might feel like giving Safari a try?
The Windows community line of thinking never ceases to amaze me …
Lars of Denmark
Apple Safari for Windows Vulnerabilities | Recognize-Security Said,
June 13, 2007 @ 3:40 am
[…] Apple Safari for Windows Unspecified SVG Parse Engine Multiple Unspecified Vulnerabilities by Tom Ferris (Bugtraq ID: 24434). […]
elreflejo Safari, not so secure .. not so fast at elreflejo Said,
June 13, 2007 @ 10:32 am
[…] At Mouse.cl they tell us that 18 security flaws have already been found in the browser that claimed to be “the most secure from day zero”, 10 of which were found within 5 minutes by the researcher Tom Ferris. […]
DavilaCS Said,
June 14, 2007 @ 8:02 am
Safari is DISGUSTING, the worst thing Apple has released in its entire history; suffice it to say that even Explorer is better, which is why I iLove Opera :D.
With Windows port, a bug-hunting Safari for Apple Said,
June 14, 2007 @ 10:02 am
[…] researcher, Tom Ferris, said his vulnerability testing “fuzzer” software turned up 10 flaws in the browser in […]
PCNiche » After hacker dissection, Safari beta is patched Said,
June 14, 2007 @ 2:21 pm
[…] give Apple a round of applause for the quick response,” wrote researcher Tom Ferris on his blog Thursday. He says he’s discovered 10 vulnerabilities in the […]
After hacker dissection, Safari beta is patched « Connect Fans Said,
June 14, 2007 @ 7:16 pm
[…] give Apple a round of applause for the quick response,” wrote researcher Tom Ferris on his blog Thursday. He says he’s discovered 10 vulnerabilities in the […]
TecnoBITA.com - Computing, technology and much more » Bugs in Safari 3.0 Said,
June 30, 2007 @ 10:40 pm
[…] the Windows version of Apple's browser, Mouse tells us that 18 bugs have been found in it. Tom Ferris found 10 bugs in just 5 minutes, PCWorld asserted. Aviv Raffmon was one of the first […]