voodish logo
tweet rss book of faces Linked In

Safari for Windows has a security hole

Safari Logo

As some of you may know, Apple has developed Safari (Apples Web Browser), for use on the Windows Operating System. But, F-SECURE reports on a remote command execution bug in the brand spanking new Safari for Windows program that blows the Software wide open.

The bug was discovered by Thor Larholm. Meanwhile, F-Secure also reports that the command prompt tool in Vista’s system recovery options doesn’t need a user name or password.
F-Secure.

Which makes statements like this from Graham Barlow of MacFormat quite comical:

Windows users are desperate for Apple to
provide some decent software

Safari Vulnerabilities

Thor Larholm has discovered a remote command execution vulnerability in the newly released Safari for Windows (Beta) just a day after it was released. The vulnerability is caused by Safari’s failure to validate user-supplied strings before passing them as parameters to external URL protocol handlers. The vulnerability can be exploited to execute arbitrary code on a victim’s computer just by making them view a malicious web page in Safari.

Related Articles

Comments RSS Feed

2 Comments

  1. Peter June 13, 2007

    Great piece - I agree that it is not a very good piece of business by Apple if they intend to woo Windows users off Internet Explorer.

    Gone are the days when Apple did not make mistakes like this- these days they can afford the odd ‘own goal’!

  2. Go to Top of the page

  3. Igloo boy September 8, 2007

    Safari for Windows is at Beta Stage so teething problems are expected. They will probably fix it soon. As a browser it is brilliant, and once this security hole is eliminated it is worth trying out. It cetainly is no worse than other competing browsers such as Firefox or Opera.

  4. Go to Top of the page

Leave a comment