Thursday, March 27, 2008

Safari for Windows == security vulnerability.

Man, I love me some Slashdot. I posted a bulletin on MySpace a few days ago about how Apple was trying to sneak the Safari web browser onto PC users' computers via an update to iTunes. Well, it's a good thing if you stayed away from downloading Safari.

The new Safari 3.1 for Windows has been hit with two 'highly critical' (as rated by Secunia) vulnerabilities that can result in execution of arbitrary code. The first is due to an improper handling of the buffer for long filenames of files being downloaded, and the second can result in successful spoofing of websites and phishing. This comes close on the heels of criticism of Apple for offering Safari as an update for approximately 500 million users of iTunes on Windows by default, and reports of crashes. There are currently no patches or workarounds available except the advice to stay clear of 'untrusted' sites.

The latest version of Safari for Windows makes a mockery of end user licensing agreements by only allowing the installation of Safari for Windows on Apple labeled hardware, thereby excluding most Windows PCs.

- Source

2 comments:

Drews said...

ok ok, I know I took a partial defensive position on your original MySpace bulletin on this topic... but, yeah, Apple was pretty sheisty with that move.

Bewildered_Ronin said...

Oddly, iTunes tried to update Safari, and only Safari, a few days ago. Even though I don't have Safari installed. I wonder if Apple is going to continue to include Safari in its update queue.