Slashdot Mirror


Safari 3.1 For Windows Violates Its Own EULA, Vulnerable To Hacks

recoiledsnake writes "The new Safari 3.1 for Windows has been hit with two 'highly critical' (as rated by Secunia) vulnerabilities that can result in execution of arbitrary code. The first is due to an improper handling of the buffer for long filenames of files being downloaded, and the second can result in successful spoofing of websites and phishing. This comes close on the heels of criticism of Apple for offering Safari as an update for approximately 500 million users of iTunes on Windows by default, and reports of crashes. There are currently no patches or workarounds available except the advice to stay clear of 'untrusted' sites." Further, Wormfan writes "The latest version of Safari for Windows makes a mockery of end user licensing agreements by only allowing the installation of Safari for Windows on Apple labeled hardware, thereby excluding most Windows PCs." Update: 03/27 17:23 GMT by Z : Dave Schroeder writes with the note that the license has been updated to correct this mistake.

31 of 368 comments

  1. It has begun... by muffen · · Score: 4, Funny
    1. Re:It has begun... by Divebus · · Score: 5, Funny

      "The latest version of Safari for Windows makes a mockery of end user licensing agreements by only allowing the installation of Safari for Windows on Apple labeled hardware, thereby excluding most Windows PCs." Damn! Now, where did I put those Apple stickers?
      --

      Most of the stuff on /. won't survive first contact with facts.
    2. Re:It has begun... by mini+me · · Score: 2, Funny

      It is just an oversight. They forgot to change the EULA.

      So, I think we can safely assume that they just forgot to change the same clause in the EULA for OS X also.
    3. Re:It has begun... by grahamd0 · · Score: 5, Funny

      If Safari becomes the default browser on these systems, you end up with critical vulnerabilities in a browser installed on non-tech-savvy individuals' computers.

      Good god, man! We've got to get them back on Internet Explorer!

    4. Re:It has begun... by bpsbr_ernie · · Score: 3, Funny

      I was thinking the same thing. Perhaps, they will push OSX out in the next iTunes update.

    5. Re:It has begun... by swb · · Score: 3, Funny

      When the very first Blue & White PowerMacs came out, the print studio at the ad agency I worked for was totally pumped for their machines -- they had been sucking it up using beige G3s and even older PPC Macs.

      Since my job was prepping the machines for install in the studio, I decided to pimp the studio people by putting an "Intel Inside" logo over the Apple logo; of course the machine was for the Mac zealot in the group who was super pissed that the logo was there and that he couldn't figure out how to remove it.

      I caught hell for doing it, primarily because it took major surgery and a ton of time to put the stupid thing in there and I didn't get some other tasks accomplished.

    6. Re:It has begun... by erc · · Score: 4, Funny

      I used to work for Sun back in the early 90's, when Linux was first getting off the ground. We had finally gotten X to run under Linux, and so I figured I'd see what it would do on a 386SX/25 laptop with 16MB of RAM. It was pretty slow, but as long as I wasn't doing anything it was fine. When the screensaver kicked in, I saw the traditional Sun logo, and that gave me an idea for a prank.

      I went down to engineering and got one of the old metal Sun logos, the ones that used to be on the front of Sun-2 boxes, and put it over the logo of the laptop, fired it up in my office, and waited for the first victim to wander by. A while later, one of the senior software developers walked into my office to ask me something, and spied the laptop with the Sun logo and the screensaver running with the Sun logo on it. "How'd you get a Sparc laptop? I didn't think they were in production yet!" I have lots of friends ... [chuckle]...

      It didn't take long for the prank to be found out, but it sure was fun for a while... :)

      Reminds me of the time that I got Wine running under A/UX (Apple's version of UNIX, SVR4 flavor) - I was working for Apple at the time, and it was fun to see people's faces when they'd come by and see the Windows logo on the screen on what was obviously a Mac, but that's a story for another time. Sure was a fair bit of work, but it was worth the prank value... :)

      --
      -- Ed Carp, N7EKG erc@pobox.com PGP KeyID: 0x0BD32C9B What I'm up to: http://intuitives.mine.nu
    7. Re:It has begun... by mrbluze · · Score: 5, Funny

      Anyways, going back to the article, I think the EULA is just a mistake and believe they will correct it. It does however bring up a valid point about the usefulness and legalities around EULAs.

      Any EULA is basically saying:

      • This software is mine, so piss off!
      • If you use it, it's your stupid fault, so piss off!
      • You can't sue me but I can sue you, so piss off!
      • Oh, and by the way, piss off!
      --
      Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
    8. Re:It has begun... by Divebus · · Score: 2, Funny

      I got two Apple stickers with my copy of Leopard. Time to check out that box again! No wonder I didn't see them! They were in with the documentation!
      --

      Most of the stuff on /. won't survive first contact with facts.
    9. Re:It has begun... by flosofl · · Score: 4, Funny

      I had two, and I put them on a large stone block and my printer. Anyone know how to install safari on a printer?
      No, but I did manage to get it installed on a medium stone block. I'm sure the steps I used can be scaled up to your large one. Page renders are very crisp, but refresh takes forever.
      --
      "This calls for a very special blend of psychology and extreme violence" - Vyvyan "The Young Ones"
    10. Re:It has begun... by Kjella · · Score: 2, Funny

      I used to work for Sun back in the early 90's,
      Reading the rest of your post, I'd say you were employed by Sun back in the early 90's.
      --
      Live today, because you never know what tomorrow brings
  2. Acidity by n3tcat · · Score: 5, Funny

    So Acid 4 will include security tests too now, right?

    1. Re:Acidity by MooseMuffin · · Score: 5, Funny

      Yes. You pass if the website renders correctly. You fail if the website owns your machine.

  3. I wonder... by Fenice · · Score: 5, Funny

    ...if Apple can sue itself for proposing illegal installs of safari on windows?

  4. Re:It was bound to happen by mwvdlee · · Score: 3, Funny

    Only if the firstborn is female, and you don't need to send any for the first 18 years.

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  5. Fine by me by asc99c · · Score: 5, Funny

    My iPod came with a big Apple sticker which for some reason I did stick on my PC. Guess I'm OK to use Safari then.

    1. Re:Fine by me by AioKits · · Score: 2, Funny

      My iPod came with those as well. Too bad there was not enough space left on my laptop after the Mozilla folk were nice enough to give me a sheet of Mozilla stickers for purchasing a few t-shirts and a laptop tote...

      --
      "Quote me as saying I was mis-quoted." -Groucho Marx
  6. Switch? by blankoboy · · Score: 3, Funny
    Sheesh, I'm on the verge of finally switching from Microsoft to Apple (just been waiting on the new rev of the Mac Mini to appear) and they go and pull the funny business of trying to slip Safari on to Windows desktops that use iTunes. On top of that there is now this report of the security flaws found in Safari. So now Apple is carelessly pushing a security risk browser onto unsuspecting client PCs. This is really underhanded and has me getting cold feet. Ubuntu perhaps....then?

    Apple, these sort of tactics really are not necessary. Don't take the low road please...you can win it by going on the high way.

  7. Profit? by crt · · Score: 5, Funny

    Step 1: Install Safari on millions of unsuspecting Windows PCs
    Step 2: Sue non-Mac owning PC users for violating EULA
    Step 3: ???

  8. Yet more proof by an.echte.trilingue · · Score: 5, Funny

    Yes. You pass if the website renders correctly. You fail if the website owns your machine.
    Yet another "standards" test designed to make IE fail. This is just more proof that the W3 has it out for Microsoft.
    --
    weirdest thing I ever saw: scientology advertising on slashdot.
  9. Re:You keep saying that word.... by Daimanta · · Score: 4, Funny

    I am a naturalist and I don't wear any clothes you insensitive clod!!

    --
    Knowledge is power. Knowledge shared is power lost.
  10. Nobody reads them by Zelos · · Score: 3, Funny

    Proof that nobody reads EULA, not even the people that write them?

    More likely, some tired programmer just copied the string resource across from another project without checking it.

  11. Re:You keep saying that word.... by Nursie · · Score: 2, Funny

    Not only did I get the point. I had a chuckle at the idea of naked naturalists, hanging out (literally) in the forest trying to spot wildlife...

  12. Re:You keep saying that word.... by Nursie · · Score: 2, Funny

    You can be both! You can be both!

  13. Re:Actually by jtev · · Score: 2, Funny

    You mean, like.... Ummm.... I'm thinking here.... Windows Media Player for Mac? That would be the sort of vindictive thing that would be awesome for MS to do in my not so humble opinion. Bonus points if they "forget" to fix their licence, and say that it has to be run under Windows.

    --
    That which is done from love exists beyond good and evil
  14. Found 'em by GameboyRMH · · Score: 3, Funny

    They're all over the place:

    - Stuck to the back glass of pickups
    - Stuck to the back glass of poorly maintained econo-cars
    - Stuck to teenage girls' bedroom/dorm doors
    - Stuck to teenage girls' binders and backpacks

    Good luck getting them back...

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  15. Re:Hardly surprising by Anonymous Coward · · Score: 2, Funny

    That "spyware" service you refer to is just a notifier to open iTunes when an iPod is connected. That's all it does. It's hardly malicious, and it doesn't report to Apple what you do with your computer.

    Yeah, but having that program poll the bus once every ten seconds or so is seriously infringing on the 4.8 BILLION operations a second that his computer is capable of doing. Do you realize just how much percentage-wise that is?!?!?

  16. Re:It was bound to happen by rthille · · Score: 2, Funny

    Either you're really young, or you haven't been around any 18 year old girls lately. God they are insipid...send me a nice "at the peak of my sexuality" 30 year old instead any day!

    --
    Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
  17. Re: "It" has begun... by WaltFrench · · Score: 2, Funny

    Considering ... the aggressive way their software "takes over" your computer...

    Good Lord! Apple has hacked Windows' security so it lets Apple software mod the Registry to determine which app starts when you double-click a URL?

    They're more malicious than I could ever have imagined!!! Soon, all these machines will be filled with all the spyware, viruses, trojans and etc that Apple is notorious for hosting!

    --
    "Inquiring Minds Want to Know!"
  18. Re:It was bound to happen by Rary · · Score: 2, Funny

    This is Slashdot. Odds are he's never been around any female not called "Mom".

    --

    "You cannot simultaneously prevent and prepare for war." -- Albert Einstein

  19. Re:You keep saying that word.... by gstoddart · · Score: 3, Funny

    I am a naturalist and I don't wear any clothes you insensitive clod!!

    Chill, don't get your knickers in a twist.

    Err ... wait. :-P

    Cheers
    --
    Lost at C:>. Found at C.