Another flaw within Safari 3.0 for Windows beta
Security researcher Robert Swiecki disclosed yesterday another vulnerability within the new Safari 3.0 for Windows beta, bringing the total of public vulnerabilities to nine. The latest flaw allows an attacker to steal a cookie. The flaw exists in the Javascript's window.setTimeout()implementation where the content timer-triggered function is processed after window.location property is changed.
In response to other Safari 3.0 vulnerabilities, Apple today released an updated version that addresses three of the nine public vulnerabilities.
As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.




Safari 3 beta is NOT ready for prime time. As well as the security issues it crashes when trying to authenticate to a proxy server and, in my case, fails to load pages on our protected intranet.
I look forward to Apple getting Safari right as it has some really nice features but in the mean time it will NOT be anything but a test piece of software for me.
Finally, IMHO, this is turning out to be somewhat of a PR disaster for Apple...
Stop trying to use it as your main browser and expect it to be a
release version.
Any publicity is good publicity especially the day when the news
comes through saying Safari is ready for full release.
- Safari 3.0.1 Beta fixes FIVE of the vulnerabilities
-
by TheBugsAttack
June 14, 2007 5:15 PM PDT
- The version released today (3.0.1 Beta) addresses five of the
-
Reply to this comment
-
(3 Comments)(now) nine vulnerabilities, not three as the article incorrectly
states:
http://www.rec-sec.co.il/2007/06/12/apple-safari-for-
windows-vulnerabilities/
Look at the end of the page for the five fixed and three of the
(yet) un-fixed vulnerabilities.