Safari 3 Beta Updated, Security Problems Fixed

Llywelyn writes "Apple has released an update to the Windows Safari 3 Beta. According to Macworld the updates '...include correction for a command injection vulnerability, corrected with additional processing and validation of URLs that could otherwise lead to an unexpected termination of the browser; an out-of-bounds memory read issue; and a race condition that can allow cross-site scripting using a JavaSscript [sic] exploit.' It is available through either the Apple Safari download site or through Apple's Software Update."

Re:I dont care what you say

[Baricom]

I think the reason's pretty simple: companies like Google have been abusing the "beta" moniker lately. The betas I've seen from Apple (including Safari and earlier, Quicktime 7) have been more consistent with what I would consider a beta: they mostly work and are useful for testing, but still have significant problems.

Perhaps what they might have done is require an Apple Developer Connection account to download instead of making it available through general release.

Patch Tuesday...

[sid0]

...is there for a reason.

Though I really would prefer vulnerabilities fixed asap, I can see the reason for Patch Tuesday, especially for non-0day exploits.

Safari 3.0.1, however, is just damage control.

I disagree

[WrongSizeGlass]

As someone mentioned a couple of days ago when Win Safari was first released, they're also going to have to work really hard for this software to compete with other browsers (which many think it can't). I may be wearing my ass as a hat, but I honestly don't see Apple expecting Safari to compete in the Windows browser market. It is my (potentially asshattian) opinion that Safari is available on Windows solely for the purpose of providing a testing environment for iPhone development for Windows developers. It's never going to take over the Windows browser market (or even made a serious dent).

Having Safari available on Windows removes the 'Apple Only' hardware requirement for any company who wants to develop Web 2.0/AJAX applications that run on the iPhone which opens Safari development to a much much larger pool of developers.

Security is not the big problem

[MBoffin]

Fixing the security issues may help in keeping Apple from looking foolish, but security is not the real problem with Safari for Windows. The real problem with Safari for Windows that Apple should be putting focus on is the user experience.* It's horrendous. Slow window redraws, completely broken Windows conventions, a total lack of extensibility, and on and on.

As a web developer, I'm pleased as punch that they've released a Windows version of Safari that renders pixel-for-pixel the same as the OS X version (it really does, I checked). However, Safari on Windows is not even in the running as far as being a candidate as a full-time browser on Windows. The user experience is simply too painful.

* I didn't say they should not focus on security. They most definitely should.

Why so negative on Safari???

[Wingsy]

I've used it on Windows XP Pro. A friend has been using it on Vista. Neither of us can find a single thing wrong with it in 2 days of browsing (even to my bank, the acid test of browsers). The LA Times reviewer recommends it. ComputerWorld praises it. But here on Slashdot about all I see are people giving it a thumbs down. Am I seeing a bit of bias here? Someone direct me to a web page that Safari 3 on Windows XP renders horribly. Please, I wanna see.