Apple releases Windows Safari 3.0.1, squishes security bugs
Looks like Apple's issued a new version of the public beta of Safari for Windows today -- highest on the list of fixes were patches for thee three separate security vulnerabilities that cropped up mere hours after launch. There's never any software that's 100% secure, but at least now it's that much safer for Windows users to go hunting wild internet on Safari 3.0.1. (Details on the fixes after the break.)Update: Wow, just 48 hours after launch and already Apple's clocked in over a million Safari for Windows downloads. Info here. Let's just hope the next million downloads are from users snagging the 3.0.1 update.
CVE-ID: CVE-2007-3186
Available for: Windows XP or Vista
Impact: Visiting a malicious website may lead to arbitrary code execution
Description: A command injection vulnerability exists in the Windows version of Safari 3 Public Beta. By enticing a user to visit a maliciously crafted web page, an attacker can trigger the issue which may lead to arbitrary code execution. This update addresses the issue by performing additional processing and validation of URLs. This does not pose a security issue on Mac OS X systems, but could lead to an unexpected termination of the Safari browser.
CVE-ID: CVE-2007-3185
Available for: Windows XP or Vista
Impact: Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution
Description: An out-of-bounds memory read issue in Safari 3 Public Beta for Windows may lead to an unexpected application termination or arbitrary code execution when visiting a malicious website. This issue does not affect Mac OS X systems.
CVE-ID: CVE-2007-2391
Available for: Windows XP or Vista
Impact: Visiting a malicious website may allow cross-site scripting
Description: A race condition in Safari 3 Public Beta for Windows may allow cross site scripting. Visiting a maliciously crafted web page may allow access to JavaScript objects or the execution of arbitrary JavaScript in the context of another web page. This issue does not affect Mac OS X systems.
Reader Comments (Page 1 of 2)
Mike @ Jun 14th 2007 12:42PM
You know, I gotta say, I tried Safari last night and it seems definitely slower than Firefox. Also, rendering the page seems slower, too, as there is a very subtle drop in "FPS" as I scroll up and down a page. Whatever, it's beta. I'm sure the final product will be much better.
Roy @ Jun 14th 2007 12:48PM
I downloaded this update, and the Safari User Interface STILL DOESN'T render correctly. I can't see any home, back, forward or bookmark buttons. Also, text on rendered pages STILL DOESN'T render at all. I can't visibly see text.
Windows XP. Bummer cause I like Apple software. But this is a Windoze machine (my work PC)
paloooz @ Jun 14th 2007 12:49PM
I get the same problem. Vista.
Tom @ Jun 14th 2007 3:00PM
Same problem, Vista too.
Ken Allen @ Jun 14th 2007 12:49PM
I still can't get text to appear in windows.
CharlieX @ Jun 14th 2007 12:54PM
I'm a rabid Mac fanboy.... and I've always hated Safari. Firefox has it whooped three ways to nowhere.
Nick @ Jun 14th 2007 3:03PM
Well, except for speed. And font rendering. In terms of being extensible, yeah, Firefox rocks.
farfisa @ Jun 14th 2007 12:58PM
I understand why they did it with iTunes, but any other developing for Windows... you sure you want to go there, Apple?
Adrian Williams @ Jun 14th 2007 1:27PM
you dont have to download itunes Quick-Fire Mcgraw you just have to uncheck the safari with itunes box on safari download page
my problem with it is that I cant maximize it on my second monitor it simply disappers
cs0875 @ Jun 14th 2007 2:31PM
@adrian
I think he meant he understood why Apple released iTunes for Windows, but there is little point to realeasing other software for windows
cs0875 @ Jun 14th 2007 2:31PM
@adrian
I think he meant he understood why Apple released iTunes for Windows, but there is little point to realeasing other software for windows
007baf @ Jun 14th 2007 2:40PM
I think you're right about what the original poster meant. But I have the same problem with multi-monitors. There's a way around, someone told me on Twitter, but it was complicated and I want easy. I don't have time to read a pile of manuals to figure this out;-)
I do have the update. It still crashes, but I'll give it a shot.
farfisa @ Jun 14th 2007 2:48PM
yes, cs0875--that's totally what I meant.
But, just as the iTunes thing was to help PC users use their store and buy their iPods, it's becoming evident that the iPhone / Safari connection is going to be really important too.
Quick-Fire Mc... wha?
BoxOfSnoo @ Jun 14th 2007 1:05PM
And for me, it's very stable and considerably faster than Firefox.
fxer @ Jun 15th 2007 1:36AM
I wish I had your magic computer
Gist @ Jun 14th 2007 1:10PM
Farfisa, of course they want to go there... the more web development there is that keeps Safari in mind, the better your iPhone experience will be... as with iTunes, Apple Software on Windows is all about moving Hardware, not "saving" windows users from having to use the "same old" stuff.
That being said, Safari on Windows does suck. It can't match the features of a browser like Firefox, and personally, I can't stand that it's a plain grey box UI harking back to the days of Win98. As for "speed"... most of us sit and look at a blank screen while our IP makes the connection, which has little to do with the local machine.
But on the plus side, Resizing Text Fields is the greatest thing to happen to browsers since Tabs.
BoxOfSnoo @ Jun 14th 2007 2:32PM
For me, on the same machine with the same connection, things happen way faster than with FF. Switching between tabs, page rendering and all that good stuff.
I still use FF for serious browsing, but Safari is becoming rather compelling. I want the RSS menu features Firefox has though. I store my bookmarks online.
ArtVandelay @ Jun 14th 2007 1:19PM
For those of you who missed it...
"Looks like Apple's issued a new version of the PUBLIC BETA of Safari.."
Good lord it's a B-E-T-A people...it's supposed to have bugs and security flaws etc. That's why you release a beta so the general public can poke and prod at your product in every which way imaginable to find things like this.
Drew @ Jun 14th 2007 3:41PM
That's what they are doing.
Duh.
Neebs @ Jun 14th 2007 1:19PM
And yet, it still isn't open-source, so why bother?
schlomo @ Jun 14th 2007 2:00PM
actually, just like OSX itself, Safari is based on an open-source foundation. WebKit is the backbone of Safari, is created and maintained by Apple on a BSD-style licensing.
Neebs @ Jun 14th 2007 4:34PM
Really? I didn't know that...maybe one day I'll check it out, but for now, it won't have "extensions" like Firefox.
Skylar @ Jun 14th 2007 1:26PM
I'm on a Mac and I never use Safari (always Firefox), but I might now. There are so many sites that don't work properly on Safari, but this release makes it more of a REAL browser and hopefully more sites start recognizing that!
michael @ Jun 14th 2007 1:28PM
It's amazing how when Microsoft made Vista a public beta, any bugs that showed up, people would scream I hate you.
When Apple makes Safari a public beta, any bugs that show up, are just regarded as, "It's just a beta people. It's not final yet."
Shocking how it is, isn't it?
Roy @ Jun 14th 2007 2:08PM
the whole point of a beta is to get feedback anyway. scream all you want.
michael @ Jun 14th 2007 2:37PM
@Roy:
I was just pointing out how unfair sometimes the media and some fanboys treat Microsoft and Apple. We all secretly know that people like to think Microsoft = bad and Apple = good, even though it's not always true. So I was just pointing out how in this case, it proves the theory that Microsoft just gets bad press for something, and Apple could walk away from the same situation. I'm not trying to make anyone mad here, but I'm just pointing out the obvious truth. Just to make the world open their eyes and notice a bit, ok?
Mike @ Jun 14th 2007 3:44PM
I think you're right. Microsoft tends to have a bad reputation compared to Apple. For better or worse, Apple seems to be the company to love nowadays.
Iscariote @ Jun 14th 2007 3:32PM
What a fine day for a straw man.
James @ Jun 14th 2007 1:29PM
Safari is crap. Missing so many useful features from Firefox and Opera. No Windows users using Safari is going to switch to a Mac because of Safari. Even Mac users don't use Safari. They use Camino.
Niklas Sundqvist @ Jun 14th 2007 1:48PM
I seriously wounder why Anyone would like to use Safari on Windows, even in OS X!
The first thing I do when I install OS X is to start Safari to download Firefox, and then remove Safari. Too little add-ons and too little security.
Hawkman @ Jun 14th 2007 2:27PM
Safari actually has fewer outstanding security issues than Firefox - on OS X at least. On Windows too at the moment, I'm sure, but there must be myriad problems that haven't been picked up yet.
Lack of add-ons is a fair criticism, but there's nothing compelling on FF from my point of view, and the much better interface and speed of Safari win out.
Logik @ Jun 14th 2007 3:41PM
The thing that drew me to FF was the myriad of extensions that were featured on TechTV (G4). How quickly did I learn that:
1. Most FF themes are a distraction, hinder usability and intuitiveness
2. Most FF extensions are just novelties, there are maybe 10 worthwhile extensions
Safari has a potential to win me over from FF. At this moment, the most important matter for Safari is to match all, or most of the menus and shortcuts from FF & IE. That will be important in winning people over from both camps.
P.S: Safari's page rendering is an entire length above IE & FF.
zoara @ Jun 15th 2007 10:41AM
One word: Omniweb
zoara @ Jun 15th 2007 10:48AM
Oh, hold on. I didn't read your comment properly (what can I say, it's Friday afternoon here). Omniweb's no good if you want plugins.
Still, Omniweb is - to my mind - better than Safari (more full-featured) and Firefox (doesn't feel as clunky). I replace Safari, just like you, but I replace it with Omniweb.
I don't delete Safari though; why bother? It only takes up a few megs of disk space.
zoara @ Jun 15th 2007 10:45AM
Oh, hold on. I didn't read your comment properly (what can I say, it's Friday afternoon here). Omniweb's no good if you want plugins.
Still, Omniweb is - to my mind - better than Safari (more full-featured) and Firefox (doesn't feel as clunky). I replace Safari, just like you, but I replace it with Omniweb.
I don't delete Safari though; why bother? It only takes up a few megs of disk space.
zoara @ Jun 15th 2007 10:46AM
Oh, hold on. I didn't read your comment properly (what can I say, it's Friday afternoon here). Omniweb's no good if you want plugins.
Still, Omniweb is - to my mind - better than Safari (more full-featured) and Firefox (doesn't feel as clunky). I replace Safari, just like you, but I replace it with Omniweb.
I don't delete Safari though; why bother? It only takes up a few megs of disk space.
zoara @ Jun 15th 2007 10:52AM
What the hell happened there?!
Rob K @ Jun 14th 2007 2:01PM
Am I the only one who is still waiting for Safari to aquire a "New Tab" button? How long is it going to take Apple to add this simple feature?
Roy @ Jun 14th 2007 5:21PM
a new tab button, you mean ctrl(or apple)+t??
Ignacio @ Jun 14th 2007 3:57PM
Middle-click on a link. Or ctrl-t if you want an epty one (sure, you have to use the keyboard but if you are opening a blank tab you would need to type an address anyway most of the time). Or, right click to the right of the last open tab.
Personally I never use the "new tab" in Firefox: I remove that button and open new empty tabs by double clicking the the right of the last tab. I wish they'd add *that* to Safari. Middle-click on a tab to close it would be handy too.
Luigi193 @ Jun 14th 2007 2:06PM
Apple gets money for every search in the google search thing i think.
Also, it is a beta so remember that. I use safari for mac over firefox. FIrefox does OWN safari in the plug in department, but when it comes to speed and interface, its better. I hate the look of firefox! BUT as the ancient saying goes: let him decide the browser he uses
cs0875 @ Jun 14th 2007 2:58PM
If you don't like how FF looks there are hundreds of themes to change the look including a Safari theme.
Mike @ Jun 14th 2007 3:44PM
I agree, the default FF theme isn't the greatest. I always use the Noia 2.0 theme; I think it's great. Search for it on the themes page, it should be up near the top as it is one of the more popular themes.
Mike @ Jun 14th 2007 3:44PM
Now I'm a complete beginner on a Mac so maybe I was just never doing this right, but I like that in the Windows Safari, you can maximize the window to have it take up the whole screen.
Shunnabunich @ Jun 14th 2007 11:32PM
Mike: That's actually just a difference between Windows and Mac OS X, which applies to all programs. Instead of having a window fill the entire screen, OS X's "maximize" button only expands the window enough to show its contents comfortably (which sometimes means filling up the whole screen anyway). This was just a design decision on the part of Apple's software engineers.
zoara @ Jun 15th 2007 10:58AM
cs0875, you're confusing interface with appearance. Changing the appearance of an application only changes a (small) part of the interface.
As an analogy, painting a truck a different colour and adding chrome bumpers makes it look different, but doesn't make it handle like a sports car.
(Meta: Engadget, why can't I reply directly to comments that are replies to other comments? Only the parent comment has a reply link, but I want to reply to cs0875, not Luigi193.
James @ Jun 14th 2007 2:06PM
On the Mac I've found Firefox to be slower than Safari, Text rendering is much uglier, the interface is questionable, and the add-ons are nice but they often compromise stability. I just want a quick and to the point browser and Safari works great in that regard. I'm glad Firefox is out there as an option but for some it offers little-to-no advantages.
On Windows Safari has a much different appeal and much more of an uphill battle. It's pretty obvious this move has more to do with supporting the iPhone. The iPhone, in turn, gives Safari a secret weapon in the browser wars. I'm sure Apple will start asking iPhone users to download Safari with iTunes to have "perfect iPhone compatabiity." Sneaky. Gotta love corporate synergy.
James @ Jun 14th 2007 4:00PM
Much better interface? Oh really? Does Safari allow you to press backspace and go to a previous page? The interface is pretty much useless to a Firefox/Opera user. Keep Safari where it should be. On a mac.
Faster page rendering would be good if it renders all of the pages correctly.
Hawkman @ Jun 14th 2007 5:32PM
> Does Safari allow you to press backspace and go to a previous page?
Actually yes, yes it does.
As far as I'm concerned, Safari's prettier (both in itself and its rendering), faster, supports more advanced CSS features and is more logical. I don't want myriad add-ons, I just want to browse the web.
Oh, by the way - Safari's got the most accurate rendering of all major browsers. For instance, which browser passed acid2 first, eh? Firefox is more _compatible_, certainly - but that comes at a price for both developers and end users. Credit to the guys and gals who work on it, they do a good job.
My reasons for preferring Safari are largely subjective, which is fine. I've got no objections to anyone holding different subjective opinions ;-) But get your facts right, please...
HaX80r @ Jun 14th 2007 2:32PM
I know its still beta, but I get faster page loads with IE, and that's really sad. Also, don't try anything Java-based (like Runescape). Something that looked like an Apple version of Java (three types of Java now?) started loading, then the entire thing crashed.