Slashdot Mirror


Safari 3.1 For Windows Violates Its Own EULA, Vulnerable To Hacks

recoiledsnake writes "The new Safari 3.1 for Windows has been hit with two 'highly critical' (as rated by Secunia) vulnerabilities that can result in execution of arbitrary code. The first is due to an improper handling of the buffer for long filenames of files being downloaded, and the second can result in successful spoofing of websites and phishing. This comes close on the heels of criticism of Apple for offering Safari as an update for approximately 500 million users of iTunes on Windows by default, and reports of crashes. There are currently no patches or workarounds available except the advice to stay clear of 'untrusted' sites." Further, Wormfan writes "The latest version of Safari for Windows makes a mockery of end user licensing agreements by only allowing the installation of Safari for Windows on Apple labeled hardware, thereby excluding most Windows PCs." Update: 03/27 17:23 GMT by Z: Dave Schroeder writes with the note that the license has been updated to correct this mistake.

8 of 368 comments

  1. Some ideas are not so good by Miros · Score: 4, Insightful

    Sometimes it's just really not a good idea to push a piece of software out to hundreds of millions of people on its first release just because they use/update your other products. This is the real way that it could come back and bite them, and it certainly seems to have.

  2. It was bound to happen by downix · Score: 4, Insightful

    EULAs have gotten to the point that they conflict with themselves. One can then assume that Safari is intended for the Windows install on Mac machines, *or* on machines to which someone has applied an Apple brand sticker.

    I am waiting for the EULA that requires all users to declare the programmer their god and send off their first born child to him in sacrifice.

    --
    Karma Whoring for Fun and Profit.
  3. Re:Violating the EULA by ari_j · Score: 5, Insightful

    You are mistaking "signature" and "agreement." Signatures are not a prerequisite to a valid contract, they are merely very good evidence of agreement. You can get out of some contracts you signed and you can be held to some contracts you didn't. The lack of a signature is not the reason EULAs are of questionable enforceability.

  4. Re:It has begun... by Mattsson · Score: 4, Insightful

    Also, if you do choose to buy an iPod, you don't have to use iTunes.
    You don't even have to use Apple firmware in your iPod. There's an upgrade-firmware that makes iTunes totally obsolete.
    It's not available for all iPod models yet though...

    All in all, though, an installer that offers the option of installing irrelevant software (like installers that offer "Google Toolbar" or "Safari" or "superduper spywareinstaller") should have that option unselected as default.

    --
    /.Mattsson - My native language is not English, so please don't whine over linguistic errors. (That's lame anyway...)
  5. Re:It has begun... by elrous0 · Score: 4, Insightful

    Considering Apple's notorious heavy-handedness in their software updates and the aggressive way their software "takes over" your computer when installed, I wouldn't install a piece of Apple software on my computer if you put a gun to my head (I'd as soon install Realmedia player). I used to put Quicktime on my system, but I got so tired of putting up with that sneaky turd (would NOT let you completely uninstall it, insisted on always running in the background no matter what you did to stop it, would try to sneak its way back into your registry even if you deleted its entries, aggressively took over neutral file types, would constantly try to trick you into installing iTunes too, etc.) that I finally refused to even install that much (I use "Quicktime alternative").

    Anyone who installs Apple software had better be prepared to join the cult, otherwise stay the hell clear of it.

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
  6. Re:It has begun... by MrNaz · Score: 4, Insightful

    The security issues isn't the real problem here, all software has them from time to time.

    Oh blow me. Can you imagine the shitstorm of a comment thread that would result from this exact same thing being the result of MS's doing? The massive gaping security hole *is* a big deal, it is not made less so just because Apple did it and not MS.

    And what the hell are you talking about with MS giving guidelines? You mean like, MS should give you guidelines on what you should and should not do with your PC? Dude, seriously, where the hell did you come up with your ideas?

    --
    I hate printers.
  7. Re:It has begun... by eck011219 · Score: 5, Insightful

    Look at it another way. You have a Mac, and you run Office. Somewhere during the routine update process, some new, not-ready-for-primetime version of IE gets installed and is set as your default browser.

    The issue is in part that Safari is not related to iTunes or Quicktime. There's no reason to believe that by installing music software, the manufacturer will also push a browser to you.

    All this will do is piss people off and make them turn off automatic update options, which will eventually result in some flaw in iTunes or Quicktime being less widely patched. It was not a capital crime, but it was dumb and irresponsible of Apple.

    And the EULA thing is just funny. What with the ample fleet of lawyers they have in Cupertino, I'm surprised ANYTHING gets out without a full legal vetting. Software gets out with bugs, but EULAs don't typically get out without great scrutiny.

    --
    It is pitch black. You are likely to be eaten by a grue.
  8. Re:It has begun... by recoiledsnake · Score: 5, Insightful

    Good god, man! We've got to get them back on Internet Explorer!

    Though you meant it as a joke, for users on Vista, that could actually be a good thing. IE on Vista runs in a sandbox, so any code owning IE can only mess with the cache folder or something, and can do nothing to your system as well nor anything to your user files like documents. Whereas, almost every other browser out there runs with the user permissions (not root or admin) by default (on all OSes, AFAIK), so that a compromise can result in viruses/keyloggers etc. that can run on startup, delete your user files/documents and/or email them to Nigeria whereas that's not simply possible with IE on Vista.

    --
    This space for rent.