Safari 3 Beta Updated, Security Problems Fixed 302
Llywelyn writes "Apple has released an update to the Windows Safari 3 Beta. According to Macworld the updates '...include correction for a command injection vulnerability, corrected with additional processing and validation of URLs that could otherwise lead to an unexpected termination of the browser; an out-of-bounds memory read issue; and a race condition that can allow cross-site scripting using a JavaSscript [sic] exploit.' It is available through either the Apple Safari download site or through Apple's Software Update."
Naturally (Score:5, Insightful)
Re:Bugs reported one day, fixed the next. (Score:5, Insightful)
Re:not worth it (Score:3, Insightful)
How often do you have to reinstall Windows?
I am not a big Windows fan but I go years between reinstalls without any problems.
I only do a reinstall when I get new System or a new Drive.
Re:Gee (Score:5, Insightful)
Consider this - this is just a "preview" product - and not even on "their" platform. Its good publicity. They're handling the vulnerabilities the same way Tylenol handled the poisoned pill problem - actively, instead of with their head up Gates/Ballmer's rear end going "no problemo".
Re:Patch Tuesday... (Score:1, Insightful)
Patch Tuesday is there because Microsoft can't compete. It has nothing to do with the "cost" of patching, and everything to do with the "cost" of shipping a buggy product.
Simple economics:
Re:Bugs reported one day, fixed the next. (Score:4, Insightful)
Comment removed (Score:4, Insightful)
Re:Well! (Score:3, Insightful)
Re:I disagree (Score:3, Insightful)
Re:Well! (Score:2, Insightful)
C'mon folks, compared to Firefox it is very much void of features. But compared to Firefox most everything is void of features.
Re:I wonder if... (Score:4, Insightful)
Re:I dont care what you say (Score:3, Insightful)
I give the Safari Browser a 0/10 for now. There's also the annoying issue of closing the application behind it when clicking in the corner of the screen when it's maximized. It doesn't close Safari, but whatever window was behind it. I've done this 2-3X.
I have a Macbook, so I'm not Apple, but I'm saying Safari is a POS from my perspective right now.
Re:I disagree (Score:3, Insightful)
Mistakes are not bugs. (Score:3, Insightful)
Calling them "bugs" is a way for us to avoid blame for making mistakes, either in the code itself or in the processes we use to plan and implement that code.
Calling an error a "bug" makes it sound like it could have crawled in there on its own. ("Gee, I don't know how that bug got in there. I'll fix it.")
It didn't just crawl in there on its onw, and its not a feature or a bug, its a mistake, pure and simple. And someone made it.
We (hopefully) learn from our mistakes. Labelling them "bugs" makes it less likely we'll take personal responsibility for them; hence more likely to make the same mistake the next time than if we were honest with ourselves and said "I screwed up - that's a mistake."
Sure, calling it a bug might sooth our egos (we don't have to admit we made a mistake - the program is just "buggy"), but really, are our egos that easily bruised that we can't own up to our mistakes?
Re:Excellent! Just one more thing... (Score:5, Insightful)
What they do want, however, is for developers to test their pages in Safari, not just FF and IE. Until the release, many developers used the fact that they couldn't run Safari on their development platform as a reason for not testing in Safari. Since Safari's CSS rendering is very compliant, most pages that render well in FF also render well in Safari. But Safari's JavaScript engine has a lot of quirks that developers won't catch unless they actually test in Safari. With the proliferation of AJAX-enabled sites out there, it's becoming more common for Mac Safari users to hit pages that just don't work for them. This is what Apple is trying to prevent.
But now that Safari is available in Windows (and hopefully Linux will follow), developers can easily test that their pages will work for Mac Safari users, even if they don't choose Safari as their default browser. This release many have lots of warts, but it's plenty good enough to fire up a couple of times a day to make sure that a specific site works.
Re:Of course. (Score:3, Insightful)
Re:Well! (Score:5, Insightful)
More about the iPhone than the web (Score:5, Insightful)
Controlling the media (Score:2, Insightful)
I am surprised that not a single slashdot comment that I can find is stating the obvious, which is that this is "wag the dog" kind of stuff.
The patch was released almost too fast, what's the odds that it was already written?
Think about it. Apple releases an essentially identical, standards compliant browser on both Mac and Windows. Then it turns out that it's a security problem on Windows because of the foolish way in which Windows does not validate the URL. They then release a patch less than 24 hours later that allows them even more media coverage, exactly on that point. At the same time they get kudos for responding so fast.
Now on the day of the release (well half a day anyway), the press is all bad. But then comes dozens of articles about the fact that the problem is actually with Windows, not with Safari itself. Apple then gets to point out this fact in spades by mentioning in the press release that it was "windows fault and if you were on the Mac there is no need to worry." How good is that?
To all those thinking Apple was embarrassed by the security flaws, your missing the bigger picture. A week from now no one will remember anything about that.
They will however remember that Apple fixed the "Windows problem" with Safari in less than 24 hours.
I think this whole exercise is a statement by Apple, a dig at windows specifically. They are not only showing Microsoft up by besting their best efforts in a browser, they are pointing out (again), that Windows is just less secure by design, as well as horribly non-compliant in terms of open standards. Even on the Mac, the main reason for Safari's existence has always been to promote the existence of open standards and open standard compliant browsers. What better illustration of that need could you get than this?
Re:I wonder if... (Score:3, Insightful)
I'd like to continue pushing for that. Otherwise, we all will be pushed back to Windows and IE (well, some browser/os combo).