Safari Beta Security Slammed; 8 Vulnerabilities Found
Not even a day after Apple unleashed its Safari 3 beta into the wild, security researchers have found a host of security issues for both the Mac OS X and Windows versions.
Security researcher David Maynor (of Black Hat Airport vulnerability fame) details on his blog 6 vulnerabilities, 4 of which were denial of service and 2 were remote code execution. In addition, Maynor claims that one of the bugs found is weaponizable.
Separately, Thor Larholm writes in his blog (which is mentioned by Maynor) another vulnerability involving the Safari beta on Windows, where Safari does not properly validate command-line input. To round out the vunerabilities, Aviv Raff discovered a memory corruption issue that caused Safari on Windows to crash.
In each incident, the researchers seemed to take issue with Apple's claim that "Apple engineers designed Safari to be secure from day one." To be fair, the software is still in beta, although the beta on OS X overwrites the user's previous version of Safari.