Forgot your password?
typodupeerror
Security Businesses Apple

Safari 3 Beta Updated, Security Problems Fixed 302

Posted by Zonk
from the closing-holes-in-the-apple dept.
Llywelyn writes "Apple has released an update to the Windows Safari 3 Beta. According to Macworld the updates '...include correction for a command injection vulnerability, corrected with additional processing and validation of URLs that could otherwise lead to an unexpected termination of the browser; an out-of-bounds memory read issue; and a race condition that can allow cross-site scripting using a JavaSscript [sic] exploit.' It is available through either the Apple Safari download site or through Apple's Software Update."
This discussion has been archived. No new comments can be posted.

Safari 3 Beta Updated, Security Problems Fixed

Comments Filter:
  • Well! (Score:5, Funny)

    by drhamad (868567) on Thursday June 14, 2007 @03:10PM (#19509733)
    It's about time! ;) What took them so long!
    • Now can they make it not suck? [arstechnica.com]
      • by curunir (98273) * on Thursday June 14, 2007 @05:42PM (#19512365) Homepage Journal
        The whole review misses what I believe is the point of the release entirely. They approach it from the point of view of a user who would be using it as their default browser. But I don't think Apple is really trying to win significant market share on PC browsers.

        What they do want, however, is for developers to test their pages in Safari, not just FF and IE. Until the release, many developers used the fact that they couldn't run Safari on their development platform as a reason for not testing in Safari. Since Safari's CSS rendering is very compliant, most pages that render well in FF also render well in Safari. But Safari's JavaScript engine has a lot of quirks that developers won't catch unless they actually test in Safari. With the proliferation of AJAX-enabled sites out there, it's becoming more common for Mac Safari users to hit pages that just don't work for them. This is what Apple is trying to prevent.

        But now that Safari is available in Windows (and hopefully Linux will follow), developers can easily test that their pages will work for Mac Safari users, even if they don't choose Safari as their default browser. This release many have lots of warts, but it's plenty good enough to fire up a couple of times a day to make sure that a specific site works.
        • Re: (Score:3, Interesting)

          by aztracker1 (702135)
          Given that Safari (Apple Web Kit) is based on KHTML (Konqueror), you can use Konqueror in Linux to get a decent grasp of where you stand with Safari... I know that AWK has deviated for KHTML, and back changes take a while to, if ever, get into the KHTML code base, it is still a decent reference point...

          Personally, I would much rather have seen the Apple guys throw their support behind the Gecko engine, and Camino. It's not that KHTML/AWK is a bad browser base, I just think it would have been easier to u
        • by Overly Critical Guy (663429) on Thursday June 14, 2007 @06:19PM (#19512835)
          It's not so much that Apple wants developers to test their websites in Safari as much as it is they want to give Windows developers a WebKit platform in which to test web apps, since apps will be running in Safari on the iPhone.
  • by Anonymous Coward on Thursday June 14, 2007 @03:15PM (#19509815)
    Downloaded and tried to open websites in Chinese. The rendering is just horrible, unreadable and totally unacceptable. Texts are not where they should be. In this sense, this Safari is even not as good as IE 4, which could display such webpages well. I heard that, (didn't try), Safari could not open most webpages in non-western languages.
    • by nevali (942731) on Thursday June 14, 2007 @03:18PM (#19509867) Homepage
      The issue there is that Mac OS X's own international character support does all the hard work for the applications: they don't generally need to worry about it. On Windows, it's a very different story, which means it'll take Apple more than a couple of days to make WebKit/Win32 deal with it all as elegantly as it does on OS X.

      • The issue there is that Mac OS X's own international character support does all the hard work for the applications: they don't generally need to worry about it. On Windows, it's a very different story

        Really? Seems that Unicode has been a part of the NT platform since 1992, Windows developers seem to do quite fine with letting Windows handle character and font support. I can make a 10 line application that handles most languages on Vista, and you are going to tell us that it is 'harder' on Windows?

        Nope...
        • by nevali (942731) on Thursday June 14, 2007 @06:18PM (#19512823) Homepage
          NT handles Unicode character storage and manipulation just fine, yes.

          Unicode font rendering (automatically selecting the a font which contains a particular character, because generally no font contains all Unicode characters, and if one did exist, it probably wouldn't be the text font in use) is a different matter altogether.

          Mac OS X does sane font substitution when faces don't include a particular character. On Windows, AFAIK, typing a Japanese glyph when using a font that doesn't support that code point will result in the square block--on the Mac, the type renderer will find the closest visual match (in terms of style) for a font that does include the code point and use that for those glyphs.
    • by Llywelyn (531070)
      Websites in Japanese look fine and quite readable in Safari from what I can tell.
  • Naturally (Score:5, Insightful)

    by Diordna (815458) on Thursday June 14, 2007 @03:17PM (#19509853) Homepage
    I'm your average rabid Apple fan, but surely they had to have a fix at least this fast to keep from looking stupid. I doubt they'll be as quick in the future.
    • Re: (Score:3, Informative)

      I doubt they'll be as quick in the future.

      Sure they'll be this quick in the future, right up until it leaves beta, then they'll actually have to do full regression tests which will take longer and have a turn around time aout the same as the Mac version.

      It always amazes me when I hear people complaining about bug fix times from vendors who take between one and six weeks to get a bug into production. Those are normal turn around times assuming the vendor starts work immediately on a development/testing cycle for a large, production software proj

  • by Ant P. (974313) on Thursday June 14, 2007 @03:22PM (#19509995) Homepage
    Konqueror's Win32 release will be as big a disaster.
  • Developing a browser for Windows will be quite a test for Apple and the Safari developer community. Is Apple trying to get a larger user community (even tens of percents), or just making it possible for web developers easily test their servers for Safari? In any case, if Apple can survive in this market, they are in an interesting position - partner with Google, and offer their own services for Windows users perhaps?
    • by CastrTroy (595695)
      If web developers want to test on mac, then they should get a mac. Just as testing using Konquerer doesn't show the same results as Safari on Mac, so too will be the experience when using Safari for Windows. If you are really hard up for cash, and can't afford a mac for every web developer in your office, then get a single Mac Mini, and run 4 copies of VNC on 4 different logged in users. It's a little slow but you're just testing web pages, so it really shouldn't matter. If that is still too far outside
  • by norminator (784674) on Thursday June 14, 2007 @03:25PM (#19510071)
    Now if they would just fix the problem that some people (including myself) are having where no text shows up anywhere in the application and you can't type in any of the text input fields (kind of hard to use a browser when you can't type in an address).
    • by nbert (785663)
      I had a similar type problem with Firefox for about a year, so I switched back to Safari recently (well, after updating to ff 2.0 I had "some" new problems - the type error occurred not often enough to make me switch)

      Anyways, the beta works like a charm for me an I'll keep using Safari *if* someone ports Adblock or writes a good plugin which works as good as Adblock. I personally don't like PithHelmet that much.
    • by Henry V .009 (518000) on Thursday June 14, 2007 @03:49PM (#19510471) Journal
      Yes, I've got this problem on my Vista install at work. Clicking the little spider icon to report the bug crashes the program.

      Mini-review of Safari on my home Vista install: The non-standard Windows UI is annoying. If I wanted to resize only from the bottom right corner I would have bought a Mac. The lack of an advertisement blocker makes the software a poor alternative to Firefox. The bundling is annoying. I don't want Quicktime. Quicktime is ugly, ugly software. It makes Firefox crash, grabs all sorts of MIME types, throws its icon up on the desktop every time it updates no matter how many times you delete the icon, it installs a systray icon (for a media player?!? come on), and it won't play full screen videos. ITunes is only a good media player if you own a Ipod. Don't want that either. The Apple update service is annoying as well. Why a separate service? I want my apps to check for updates when I start them or not at all.

      Good points? Well, Safari displays web pages, I guess. Good for Apple.
  • by Anonymous Coward
    the COMMUNITY would have had it fixed
    and fixed WAY faster copyleft knockoff $Apple$

    I, for one, refuse to acknowledge the EXISTANCE of closed source browsers.

    Live Free or Die
  • This may be a stupid question, but every other tabbed browser I've used has a hotkey to switch between tabs. Generally, that's ctrl-tab. I can't find anything similar in Safari though, and that is a big deal breaker. Am I just missing something?
    • Re: (Score:3, Informative)

      by nevali (942731)
      If they've carried the keystrokes over from the Mac version, it'll be Cmd+Shift+[ and Cmd+Shift+], which on windows would be Ctrl+Shift+[ and Ctrl+Shift+]
  • Apple seemed to have responded *awfully* quick to a security whole in their new SDK, almost as if it was a web browser vulnerability? But, it can't be a browser, that is not what people here said it was.
    • Oh bugger, nothing like a typo to totally derail snide commentary. That whole should be a hole. I hereby disqualify myself from making additional snarky comments for this thread. Enjoy!
  • by MBoffin (259181) on Thursday June 14, 2007 @04:23PM (#19511039) Homepage
    Fixing the security issues may help in keeping Apple from looking foolish, but security is not the real problem with Safari for Windows. The real problem with Safari for Windows that Apple should be putting focus on is the user experience.* It's horrendous. Slow window redraws, completely broken Windows conventions, a total lack of extensibility, and on and on.

    As a web developer, I'm pleased as punch that they've released a Windows version of Safari that renders pixel-for-pixel the same as the OS X version (it really does, I checked). However, Safari on Windows is not even in the running as far as being a candidate as a full-time browser on Windows. The user experience is simply too painful.

    * I didn't say they should not focus on security. They most definitely should.
  • by Jugalator (259273) on Thursday June 14, 2007 @04:58PM (#19511697) Journal
    No wait... [imageshack.us]

    But maybe it's just as good to not have any sensationalist headlines to mislead you? :-p
  • by Wingsy (761354) on Thursday June 14, 2007 @06:00PM (#19512593)
    I've used it on Windows XP Pro. A friend has been using it on Vista. Neither of us can find a single thing wrong with it in 2 days of browsing (even to my bank, the acid test of browsers). The LA Times reviewer recommends it. ComputerWorld praises it. But here on Slashdot about all I see are people giving it a thumbs down. Am I seeing a bit of bias here? Someone direct me to a web page that Safari 3 on Windows XP renders horribly. Please, I wanna see.

The first Rotarian was the first man to call John the Baptist "Jack." -- H.L. Mencken

Working...