Home Your Tech Home Tech Vulnerabilities removed from Safari for Windows
Just two days after its original release, Apple has updated the Safari for Windows beta to eliminate some of the vulnerabilities discovered by security researchers.

Safari 3.0.1 Public Beta for Windows fixes three flaws, including the command injection vulnerability reported by Thor Larholm.

"Quotes and whitespace is now filtered on any requests to external URL protocol handler applications, but other characters are still being passed without filtering so I expect to find some variations pretty soon," Larholm wrote in his blog.

Apple officials noted that this flaw "does not pose a security issue on Mac OS X systems, but could lead to an unexpected termination of the Safari browser." The Safari 3 Public Beta for Mac has not been updated at this time.

The other two are an out-of-bounds memory read issue that may allow arbitrary code execution, and a cross-site scripting issue. Neither of these affect Mac OS X versions, according to the company.

This implies that the six vulnerabilities found by Errata Security's David Maynor remain unfixed, as he claimed they "work on the currently shipping Safari browser on OSX".

Maynor reportedly told Wired that he plans to hold onto an exploit he developed until he can buy an iPhone and break into it.

The Safari for Windows beta may be downloading from Apple's web site, or via the Apple Software Update application installed alongside QuickTime or iTunes for Windows.

Apple also announced that more than one million copies of Safari for Windows were downloaded in the 48 hours following its release.

FREE NETWORKING SERVICES CASE STUDY

As one of the world’s largest social networking services, Facebook handles a lot of user information, and requires input from an astounding range of stakeholders 24 hours a day, 7 days a week — from both inside and outside the business.

Discover how Facebook was helped to connect remote employees, vendors, consultants, and partners to applications and web services quickly and reliably - without risking sensitive data.

GET CASE STUDY!

GET THE IT BUDGET YOU WANT

Explore your Network Treasure Trove to get the IT Budget you want

With Australian businesses projected to spend over $78.7 Billion why does it feel like you can never get the budget you need?.

In most cases your budget will get approved because the proposals are not only technically correct, but also provide good, credible evidence on how the spend aligns with key business objectives.

Did you know that your Network Monitoring tool can help you build a comprehensive business case without an MBA?

HERE ARE 8 TIPS TO GET THE IT BUDGET YOU WANT.

CLICK HERE!

Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences, a PhD in Industrial and Business Studies, and is a senior member of the Australian Computer Society.

Connect

 

 

 

 

Join the iTWire Community and be part of the latest news, invites to exclusive events, whitepapers and educational materials and oppertunities.
Why do I want to receive this daily update?
  • The latest features from iTWire
  • Free whitepaper downloads
  • Industry opportunities