Slashdot Mirror


Apple Safari On Windows Broken On First Day

An anonymous reader writes "David Maynor, infamous for the Apple Wi-Fi hack, has discovered bugs in the Windows version of Safari mere hours after it was released. He notes in the blog that his company does not report vulnerabilities to Apple. His claimed catch for 'an afternoon of idle futzing': 4 DoS bugs and 2 remote execution vulnerabilities." Separately, within 2 hours Thor Larholm found a URL protocol handler command injection vulnerability that allows remote command execution.

18 of 595 comments (clear)

  1. Safari...? Windows...is the issue - backend! by djupedal · · Score: 0, Troll

    And...when Safari reaches, oh, say, 10% ~ 20% of the level of breach-possibles that any of the current IE clients are facing, let us know, eh?

    Until then, the mud on the carpet came in on your shoes, not mine.

  2. And yet, by WindBourne · · Score: 0, Troll

    it is still more secure than MSIE.

    --
    I prefer the "u" in honour as it seems to be missing these days.
  3. Re:Maybe that's because... by nschubach · · Score: 0, Troll

    ...and it's on Windows.

    --
    Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
  4. It's crap by MSBob · · Score: 0, Troll

    I just installed it and fired it up on XP. Resizing the browser window takes 4 seconds on a 3 GHz P4 with 1 Gig of Ram. I am not joking. In terms of UI sluggishness nothing beats apple software. Not even Java Swing. It's absolutely horrendous. Save your selves the trouble and skip this browser. Truly nothing to see here.

    --
    Your pizza just the way you ought to have it.
  5. Re:He notes in the blog that his company does not by timmarhy · · Score: 1, Troll

    he already outlined why he did it - apple threatened to sue if he disassembled the airport, so he used a clone no name model which used the exact same drivers (where the problem lays).

    --
    If you mod me down, I will become more powerful than you can imagine....
  6. It's a BETA by Dragon+of+the+Pants · · Score: 0, Troll

    This is completely outrageous. Betas aren't allowed to have bugs! For the love of God they could ruin us all!

  7. shooting the messenger is now + 5 insightful? by siddesu · · Score: -1, Troll

    Wow, a company releases a product that puts their customers in danger, and boo-hoo, the fanbois go after the whistleblowers. How about the professionalism of Apple developers/testers/managers?

    1. Re:shooting the messenger is now + 5 insightful? by Anonymous Coward · · Score: -1, Troll

      Stop sucking Gruber's cock.

    2. Re:shooting the messenger is now + 5 insightful? by siddesu · · Score: 1, Troll

      releasing software with remotely exploitable bugs to the general public to the fanfare of the press (release of safari is in all major news) by a large company is surely a more irresponsible act than a bug report about the said software.

    3. Re:shooting the messenger is now + 5 insightful? by aztracker1 · · Score: 0, Troll

      Not that I support certain portions of the patriot act... But I wonder if this guy is a U.S. resident, and if so, if this can be considered an act of terrorism. I mean he isn't causing panic in the streets, but he is causing a lot of, most likely unjustified concern without proper disclosure. (This is not meant to be a troll).

      --
      Michael J. Ryan - tracker1.info
  8. Re:Another hackable part of Safari/Windows by Anonymous Coward · · Score: -1, Troll

    your "proof" consists of a screenshot of an irc session in which you claim it works. Try again.

  9. Re:He notes in the blog that his company does not by toejam316 · · Score: 0, Troll

    Your a bit free with your anger. Maybe you should seek medical help? I'm pretty sure you can get help for that, probably free too. All well, maybe next time you'll consider what your letting free into this world.

  10. refunds for bad software by OrangeTide · · Score: -1, Troll

    You all deserve a refund, how much was Safari again?

    --
    “Common sense is not so common.” — Voltaire
  11. Re:He notes in the blog that his company does not by heinousjay · · Score: 0, Troll

    Yeah, here's the justification: there is no reasonable expectation of Applefan approved behavior from the public at large. How's that one fit?

    --
    Slashdot - where whining about luck is the new way to make the world you want.
  12. You're dodging by Anonymous Coward · · Score: -1, Troll

    Maynor claims to be a professional security researcher. One of the cornerstones of professionalism...

    Nice try, but it can simply mean he's good enough to get paid in the trade he professes to be skilled in.

    I'm not even going to tell you to look it up. I don't believe you don't know the definition of the word. You're just ignoring it. How professional.

    The secondary definition that you're trying to restrict the term to is simply marketing hype by "professionals". Like professional roofers.
  13. Re:He notes in the blog that his company does not by jombeewoof · · Score: 0, Troll

    What commercial software that is released these days doesn't qualify as "beta".
    My mother ran a "beta" version of XP right up until MS finally released a "moderately" stable version. (SP2 if you were wondering).
    And not just MS, although they are probably the worst.
    My all time favorite video game series, Elder Scrolls. You can not tell me that DaggerFall, and Morrowind were actually ready for release until months after their initial release. Same goes for Oblivion, that still has more bugs than the majority of other games I play combined.
    Do they put out an excellent product, YES. Do they charge you $50 to beta test it if you purchase it within the first 12 months. YES.

    Nothing new here, I didn't even think new software had the RC stage anymore. Get it out of alpha, and onto the shelves, we can fix it after it starts to make a profit...

    --
    Linux Zealots: Smarter than Mac Zealots, but still zealots.
  14. Re:Safari or Windows vuls? by Anonymous Coward · · Score: -1, Troll

    do you even take actual time to think about what you're going to type?
    u can never blaim the OS for a malfunction in your application when you have others that do the exact same thing that your application does...and they have NO PROBLEMS.It's always the application developers fault.
    And yes all the bugs mentioned above are Safari bugs.Don't put windows in this one.We have quite a few browsers on windows and they have none of these bugs.
    Next time take a minute to think...and if you're going to write a fan based message type:
    "i can't believe they didn't take 5 freaking minutes to do actual beta testing before making this software public".
    And then wonder how many times they did this in mac os x.And then be afraid that these discoveries don't make ppl start poking into mac os x like they do into linux and windows.

  15. OH SHIT by Anonymous Coward · · Score: -1, Troll

    Well I blame MS. I put a defective by desing tag on. Also, a haha tag. I boot up my linux, use lynx and blame the world, because it's not ready for linux. but o-seven is still the year of linux desktopZ-Z-Z THOUGH!!!!11!eleven