Safari 3.1 For Windows Violates Its Own EULA, Vulnerable To Hacks
recoiledsnake writes "The new Safari 3.1 for Windows has been hit with two 'highly critical' (as rated by Secunia) vulnerabilities that can result in execution of arbitrary code. The first is due to an improper handling of the buffer for long filenames of files being downloaded, and the second can result in successful spoofing of websites and phishing. This comes close on the heels of criticism of Apple for offering Safari as an update for approximately 500 million users of iTunes on Windows by default, and reports of crashes. There are currently no patches or workarounds available except the advice to stay clear of 'untrusted' sites." Further, Wormfan writes "The latest version of Safari for Windows makes a mockery of end user licensing agreements by only allowing the installation of Safari for Windows on Apple labeled hardware, thereby excluding most Windows PCs." Update: 03/27 17:23 GMT by Z : Dave Schroeder writes with the note that the license has been updated to correct this mistake.
How can you violate an agreement that you never agreed to? Does Microsoft have a copy of a contract with my signature on it saying I'll accept its terms of use for XP? If I had Safari would Apple have a signed contract?
When I go to Best Buy I don't "license" an OS or piece of software; I pick a box up off the shelf, pay money for it and am delivered a purchase receipt. I then own the goods that I just BOUGHT. I am under no statutory obligation to read anything or sign anything. I tear open the box and do what I want with it, short of violating copyright law.
Your EULA is fiction, and until I see one stand up in court I'm going to ignore it.
-mcgrew
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
http://en.wikipedia.org/wiki/ProCD%2C_Inc._v._Zeidenberg
"ProCD, Inc. v. Zeidenberg, 86 F.3d 1447 (7th Cir., 1996), is a United States contract case involving a "shrink wrap license". The issue presented to the court was whether a shrink wrap license was valid and enforceable. Judge Easterbrook wrote the opinion for the court and found such a license was valid and enforceable."
They've been held up in court. The issue isn't totally decided, with other cases dealing with more specific issues, but your "nah nah nah MARY HAD A LITTLE LAMB nah nah nah" fingers in the ears stance may not be legally prudent.
The EULA is not a red herring.
People are having software that they have no license to use being automatically installed on their systems. I would think a term like that is not valid (non-obvious terms may not be valid in the US), but if it does hold, they will have millions of people in the US infringing on their IP. If they decide they are desperate and start suing (not likely any time soon) there are a lot of potential targets.
This is like the RIAA giving away MP3s on their website, saying "you agree to listen to this on only RIAA approved devices". When you suddenly have millions of people acting innocently illegally using your product it is not good for them.
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
...I can install one copy of Safari on an Apple-branded computer
It doesn't say how many I can install on non Apple-branded machines...
"We live in a global world" - Harvey Pitt, former Securities and Exchange Commission Chairman
And the heavy-handed tactics they use to push said software is truly amazing. If MS did half of the underhanded stuff Apple does, they would be dragged back into court in a heartbeat. Why Apple continues to get a free pass on such crap is beyond me.
I will NOT install Quicktime, iTunes, Safari or any other Apple software on my computer. And I always advise others not to as well. It's just not worth the hassle (if Apple really wanted your business, and not just to sleaze their way onto your computer, they would sell iTunes songs through their website and not require a software download).
SJW: Someone who has run out of real oppression, and has to fake it.
Case in point: the Mozy online backup EULA, which requires you to use the service only for good and for awesome, and warns against taunting the happy fun ball.
See paragraphs 2 and 3 in the LIMITATION OF LIABILITY section.
When the updater pops up, at the very bottom of the window is a link to:
http://www.apple.com/legal/sla/
At which point you as the user have to pick through a list of different licenses to get to what you may want.
~ Ron Fitzgerald
IANAL but....
The offending section seems to have an even bigger issue in it.
It reads:
B. Certain components of the Apple Software, and third party open source programs included with the Apple Software, have been or may be made available by Apple on its Open Source web site
(http://www.opensource.apple.com/) (collectively the "OpenSourced Components"). You may modify or replace only these OpenSourced Components; provided that: (i) the resultant modified Apple
Software is used, in place of the unmodified Apple Software, on a single Apple-labeled computer; and (ii) you otherwise comply with the terms of this License and any applicable licensing terms
governing use of the OpenSourced Components. Apple is not obligated to provide any updates, maintenance, warranty, technical or other support, or services for the resultant modified Apple
Software.
You expressly acknowledge that if failure or damage to Apple hardware results from modification of the OpenSourced Components of the Apple Software, such failure or damage is excluded from
the terms of the Apple hardware warranty.
---
Now, one of the open source components used in Safari was/is KHTML, which is licensed under the GNU LGPL. Now this clause allows you to modify & use the open source components ONLY if you use them on a single system (assuming the Apple-labeled part has been fixed as I've heard).
Man, they're not even trying, are they? This day and age, not only is there no excuse to ship with such a basic flaw, there's really no excuse to be programming in a fashion that would allow it. It's so easy to audit for basic overflows (at least on Windows) that it's silly. Even just compiling /GS with VC++ should protect you against a lot. Seriously, people give MS a bad rap these days, but any exploit you're going to see in their software these days usually takes advantage of complex system interactions or odd exception throwing.
Apple should take a serious look at their coding practices and consider banning the use of unsafe CRT functions and using _s versions of any C functions they're using (Visual C++ has them and they're part of the next standard) or at a minimum requiring audits of all raw pointers. Static analysis tools should also be mandatory and should catch most issues. (http://www.spinroot.com/static/)
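An added illustration of the coding practice the comment above argues for, not part of the thread and not Safari's code: an unchecked filename copy beside a checked one in the bounds-checked `_s` style, where the destination size is passed explicitly and an oversize name is an error. `NAME_BUF`, the function names and the sample filename are assumptions made up for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 64 /* assumed size of a fixed filename buffer */

/* Contrast case: strcpy() trusts the source length, so a name longer
 * than NAME_BUF - 1 bytes writes past the end of dst. Never called here. */
void set_name_unchecked(char dst[NAME_BUF], const char *remote_name)
{
    strcpy(dst, remote_name);
}

/* Checked copy: the destination size is explicit and an oversize name is
 * an error, not a truncation. On failure dst is left as "". */
int copy_name_checked(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || dstsz == 0)
        return EINVAL;
    dst[0] = '\0';
    if (src == NULL)
        return EINVAL;
    /* memchr stops at the first '\0', so it never reads past the string */
    const char *end = memchr(src, '\0', dstsz);
    if (end == NULL)            /* no terminator within dstsz bytes */
        return ERANGE;
    memcpy(dst, src, (size_t)(end - src) + 1); /* includes the '\0' */
    return 0;
}

/* Constructed sample: a 300-character filename, far beyond NAME_BUF.
 * Returns 1 when the copy is refused and the buffer is left empty. */
int long_name_is_rejected(void)
{
    char longname[301];
    char buf[NAME_BUF] = "previous";
    memset(longname, 'A', 300);
    longname[300] = '\0';
    return copy_name_checked(buf, sizeof buf, longname) == ERANGE
           && buf[0] == '\0';
}

int main(void)
{
    printf("long name rejected: %d\n", long_name_is_rejected());
    return 0;
}
```

The caller has to treat a nonzero return as a failed download name and stop, since the buffer is deliberately left empty rather than holding a truncated filename.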
500 million users of iTunes, really? 12% of the world population that has access to electricity, are you sure?? How many computer users are there even really out there anyways? And how the hell would you know how many single users for a program you have out there any bloody way? And why on Earth am I seemingly the only one out here this figure made cringe?
You just got troll'd!