To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/malware/0,3800003100,39167472,00.htm

Bugs found in Apple's Safari for Windows
Just one day after its release

By David Meyer

Published: Wednesday 13 June 2007

The first bugs have already been found in the beta version of Safari for Windows, a port of Apple's web browser, less than a day after its release.

Apple CEO Steve Jobs announced the beta release during his keynote speech at the company's Worldwide Developers Conference on Monday.

David Maynor - one of the researchers who controversially claimed to have found security flaws in Apple's AirPort wi-fi driver last year - wrote in his blog on Monday that "an afternoon of idle fuzzing [testing software by throwing random data at its inputs]" by him and other testers had thrown up six denial-of-service (DoS) bugs and two remote execution flaws.

Maynor, who works for consultancy Errata Security, added that, in line with his company's disclosure policy, he would not report the bugs to Apple.

This stance prompted one reader of his blog to comment: "If you actually desire to be professional, then either shut your damned trap entirely or report the issues the way a professional security researcher would report them... for the betterment of all good folks and not just you."

Maynor responded by questioning what he termed "the value in reporting vulnerabilities to an organisation that treats them as marketing fodder and requires press to fix anything serious in a timely fashion".

In August 2006 Maynor and his colleague Jon Ellch used a Black Hat security event in Las Vegas to demonstrate a successful hack on an Apple MacBook. Although Apple claimed the research was no evidence of a MacBook vulnerability, the company released three security patches for AirPort just over a month later.

Apple could not be reached for comment at the time of writing.

David Meyer writes for ZDNet UK.