Tuesday, June 12, 2007

Safari for Windows, Mac, and probably iPhone found to have tons of security holes



As noted here and many other places, Safari turns out to be full of security flaws at least some of which are in the production (2.0.4) version as well as the 3.0 "beta" (it doesn't show beta in its About box).

Safari on Windows is proving pretty buggy for me, it doesn't save preference changes among other things. (Ironically, it crashes when I try to view a MacWorld Blog page complaining about the uninspiring announcements at WWDC.) Personally, I think it's nice to see security flaws in Safari exposed because, hopefully, Apple will be forced to fix them. The nastiest exploit I've seen tricks Safari into running arbitrary command lines under Windows (via cmd.exe).