
'Highly critical' flaws found in Safari for Windows

Started by mopper_smurf, March 27, 2008, 04:26:23 AM


mopper_smurf

I already knew that Safari on Windows sucks, but there's more:

http://news.zdnet.co.uk/security/0,1000000189,39372605,00.htm

Quote: 'Highly critical' flaws found in Safari for Windows

Two security flaws have been found in the Windows version of Apple's Safari browser, which was released just over a week ago.

An address-bar spoofing flaw was discovered by Argentinian researcher Juan Pablo Lopez Yacubian, who reported it to the Danish security company Secunia on Monday. He also reported a second vulnerability involving memory corruption, although Secunia has not yet established whether or not this flaw is exploitable. Even so, Secunia has classified the vulnerabilities as "highly critical".

"The one vulnerability is a classic spoofing vulnerability which will allow the attacker to make the Safari user believe he is on a different site than he actually is, which makes it easier to steal information from that user," Secunia's chief technology officer, Thomas Kristensen, told ZDNet.co.uk on Wednesday.

"As for the other one... we are still investigating that one," Kristensen added. "It is a memory-corruption vulnerability and we haven't proven yet that it can be exploited but, if it can, then it would be possible for a malicious site to execute keyloggers or other malicious code."

Kristensen said that Apple's controversial tactic of pushing out Safari for Windows as an opt-out "update" to existing iTunes users would be "getting [the browser] more users", but stressed that he "[did] not think the user base for Safari on Windows is big enough for anyone to want to exploit this right now".

"None of those [vulnerabilities] can be exploited if you don't actively use Safari to visit a malicious website," Kristensen said, while confirming that the security flaws have not yet been patched by Apple.

Apple had not responded to a request for comment at the time of writing.
Here Comes The Flood - a weblog about music

As a roadie for the Jimi Hendrix Experience, I learned that I should give up being a guitar player. - Lemmy

rowjimmy

Wait... I thought Apple products were perfect?

And to think that Apple updater (which I have for iTunes) tried to get me to download that yesterday... HA!
* rowjimmy sticks to Firefox.

mattstick


No software is perfect...

But I do think it's dirty of Apple to put Safari Installs into iTunes updates.

jedifunk

ok, i'll take the bait....


i will say that ALL browsers are vulnerable to attacks... firefox included.  

secondly, safari is still the fastest loading browser, much faster at rendering than firefox... it's also one of the most standards compliant as well...

in any case, i'm not saying you should use safari on windows, but it's kinda annoying that you make a point to post this... yeah, it's a big deal because everyone already knows the other browsers suck, but because it's an apple product, it's gotta be brought up.

oh well, that's my world
Much Respect
(the other resident mac guy) [macbook air]
"Good Funk, real funk is not played by four white guys from Vermont.. If anything, you could call what we're doing cow funk or something.."
- Trey Anastasio

rowjimmy

Quote from: jedifunk on March 27, 2008, 10:19:11 AM
in any case, i'm not saying you should use safari on windows, but it's kinda annoying that you make a point to post this... yeah, it's a big deal because everyone already knows the other browsers suck, but because it's an apple product, it's gotta be brought up.

oh well, that's my world

You're annoyed but, if I had taken your advice (retroactively?) and was already running Safari, I'd kinda want to know about the bugs.


Quote from: mattstick on March 27, 2008, 10:16:11 AM

No software is perfect...

But I do think it's dirty of Apple to put Safari Installs into iTunes updates.
No doubt that nothing is perfect... especially running on a windows platform. (Though my 'new' Latitude D810 that I've just set up as my new DAW is bulletproof.)

I def. think it's dirty of them to push their products like that.

jedifunk

i'm only annoyed because a point has to be made because it's apple...

i'd have to review every post i've made, but i'm pretty sure i've never said they were perfect....

but i guess i'd rather have this situation than for everyone to simply expect that apple products suck like they do for anything having to do with windows.

antelope19

Quote from: jedifunk on March 27, 2008, 01:38:39 PM
i'm only annoyed because a point has to be made because it's apple...

i'd have to review every post i've made, but i'm pretty sure i've never said they were perfect....

but i guess i'd rather have this situation than for everyone to simply expect that apple products suck like they do for anything having to do with windows.

I don't know that anyone is simply saying "Apple Sucks". I think the point is that it's a dirty practice to insert their (unwanted) product in a music player update without telling anyone what they're getting. That's all.
Quote
Good judgment comes from experience, and a lotta that comes from bad judgment

jedifunk

umm, well, gee... if you're actually paying attention to what you install on your computer then you wouldn't install it if you didn't want it...

i'm not defending apple on this one... i don't think it's necessary for them to push safari on windows users... but given that it seems to be a completely acceptable practice in the industry, and consider ms does it all the time, i think apple didn't do anything wrong... or more wrong than anyone else.... now do i think they should hold themselves to a higher standard?  absolutely, since they usually do...

and personally, i don't see why safari for windows is a big deal to them... it's a free browser, and they make nothing on it (or little to nothing)

rowjimmy

Quote from: jedifunk on March 27, 2008, 03:34:43 PM
umm, well, gee... if you're actually paying attention to what you install on your computer then you wouldn't install it if you didn't want it...

i'm not defending apple on this one... i don't think it's necessary for them to push safari on windows users... but given that it seems to be a completely acceptable practice in the industry, and consider ms does it all the time, i think apple didn't do anything wrong... or more wrong than anyone else.... now do i think they should hold themselves to a higher standard?  absolutely, since they usually do...

and personally, i don't see why safari for windows is a big deal to them... it's a free browser, and they make nothing on it (or little to nothing)

Uh, hold up.
I was paying attention to my computer and I didn't install it. But why oh why would I as a person who never has installed it get a notification in Apple Update (an automated service, not one that I kicked off) that there was a new version and did I want to download it?
Bad practice, that's why.
Microsoft has just suffered one of the largest regulatory settlements in history over the way they foist IE on people... this isn't quite as bad but it's the same kind of crap. Bait & switch...

jedifunk

again... i agree with you.  i guess my point was that apparently apple decided that since "everyone else was doing it" that it was ok for them

and again, i don't condone that... and i DO hold apple to a higher standard.

jephrey

At first I thought I'd write the response, "meh".  Then I didn't even waste the time.  But I'd like to jump in with yet another opinion because the topic has gone past just some "highly critical" :jerking off: bugs.

As for the software being in iTunes, to apple, this is a test of the system for software distribution with something free until it starts being used with the iPhone etc.  While at first I didn't like that it was there, it's easy to understand why.  Apple wants the public to get into their apps and the way they look.  They hurt themselves with a few people (like some of you that are posting here), and for most it's just another window in windows to dismiss.  But they help themselves by exposing more people to their style.  They're cocky enough to think everyone's going to love it.  I like the idea of distributing lots of apple software through iTunes, and controlling updates in there too.  You've got to start somewhere.  iTunes is a good place to start, and it allows windows users the mac experience.

Remember too, iTunes is somewhat bastardized for the peecee, and it's no wonder that non-applers dislike Apple's attempt to push their software like that.  But for me, an apple user that the iTunes app was designed for, anything having to do with safari was totally transparent.
There are 10 types of people in this world.  Those who understand binary, and those who don't.

jephrey

rj,

I'm curious, was it just when you installed it that it asked you if you want a "new" version of Safari or does it ask whenever there's a new version?  If it's just the once, then I find it totally reasonable...  Like hey, you like iTunes?  Do you want to try out Safari?  If it's on every version, that should at least be able to be turned off the first time you see the message.  Like "do not remind me again".

mattstick


Apple Updater runs and it offers you an install of Safari, an update to iTunes and a QuickTime update I think.

You have to un-check Safari if you don't want to install it.

rowjimmy

No.
Apple Update regularly checks for updates to Quicktime and iTunes which I've run for a little while.
It didn't find anything for those two. What it did find was an opportunity to stick an advertisement in my face.

No matter who does it; it's lame. But seriously, I expect better from Apple.

jedifunk

Quote from: rowjimmy on March 27, 2008, 10:42:37 PM
No matter who does it; it's lame. But seriously, I expect better from Apple.

agreed... i certainly expect more from apple