Apple releases Windows Safari 3.0.1, squishes security bugs
By Ryan Block 
posted Jun 14th 2007 12:37PM
posted Jun 14th 2007 12:37PM
Looks like Apple's issued a new version of the public beta of Safari for Windows today -- highest on the list of fixes were patches for thee three separate security vulnerabilities that cropped up mere hours after launch. There's never any software that's 100% secure, but at least now it's that much safer for Windows users to go hunting wild internet on Safari 3.0.1. (Details on the fixes after the break.)Update: Wow, just 48 hours after launch and already Apple's clocked in over a million Safari for Windows downloads. Info here. Let's just hope the next million downloads are from users snagging the 3.0.1 update.
CVE-ID: CVE-2007-3186
Available for: Windows XP or Vista
Impact: Visiting a malicious website may lead to arbitrary code execution
Description: A command injection vulnerability exists in the Windows version of Safari 3 Public Beta. By enticing a user to visit a maliciously crafted web page, an attacker can trigger the issue which may lead to arbitrary code execution. This update addresses the issue by performing additional processing and validation of URLs. This does not pose a security issue on Mac OS X systems, but could lead to an unexpected termination of the Safari browser.
CVE-ID: CVE-2007-3185
Available for: Windows XP or Vista
Impact: Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution
Description: An out-of-bounds memory read issue in Safari 3 Public Beta for Windows may lead to an unexpected application termination or arbitrary code execution when visiting a malicious website. This issue does not affect Mac OS X systems.
CVE-ID: CVE-2007-2391
Available for: Windows XP or Vista
Impact: Visiting a malicious website may allow cross-site scripting
Description: A race condition in Safari 3 Public Beta for Windows may allow cross site scripting. Visiting a maliciously crafted web page may allow access to JavaScript objects or the execution of arbitrary JavaScript in the context of another web page. This issue does not affect Mac OS X systems.
You know, I gotta say, I tried Safari last night and it seems definitely slower than Firefox. Also, rendering the page seems slower, too, as there is a very subtle drop in "FPS" as I scroll up and down a page. Whatever, it's beta. I'm sure the final product will be much better.
I downloaded this update, and the Safari User Interface STILL DOESN'T render correctly. I can't see any home, back, forward or bookmark buttons. Also, text on rendered pages STILL DOESN'T render at all. I can't visibly see text.
Windows XP. Bummer cause I like Apple software. But this is a Windoze machine (my work PC)
I get the same problem. Vista.
Same problem, Vista too.
I still can't get text to appear in windows.
I'm a rabid Mac fanboy.... and I've always hated Safari. Firefox has it whooped three ways to nowhere.
Well, except for speed. And font rendering. In terms of being extensible, yeah, Firefox rocks.
I understand why they did it with iTunes, but any other developing for Windows... you sure you want to go there, Apple?
you dont have to download itunes Quick-Fire Mcgraw you just have to uncheck the safari with itunes box on safari download page
my problem with it is that I cant maximize it on my second monitor it simply disappers
@adrian
I think he meant he understood why Apple released iTunes for Windows, but there is little point to realeasing other software for windows
@adrian
I think he meant he understood why Apple released iTunes for Windows, but there is little point to realeasing other software for windows
I think you're right about what the original poster meant. But I have the same problem with multi-monitors. There's a way around, someone told me on Twitter, but it was complicated and I want easy. I don't have time to read a pile of manuals to figure this out;-)
I do have the update. It still crashes, but I'll give it a shot.
yes, cs0875--that's totally what I meant.
But, just as the iTunes thing was to help PC users use their store and buy their iPods, it's becoming evident that the iPhone / Safari connection is going to be really important too.
Quick-Fire Mc... wha?
And for me, it's very stable and considerably faster than Firefox.
I wish I had your magic computer
Farfisa, of course they want to go there... the more web development there is that keeps Safari in mind, the better your iPhone experience will be... as with iTunes, Apple Software on Windows is all about moving Hardware, not "saving" windows users from having to use the "same old" stuff.
That being said, Safari on Windows does suck. It can't match the features of a browser like Firefox, and personally, I can't stand that it's a plain grey box UI harking back to the days of Win98. As for "speed"... most of us sit and look at a blank screen while our IP makes the connection, which has little to do with the local machine.
But on the plus side, Resizing Text Fields is the greatest thing to happen to browsers since Tabs.
For me, on the same machine with the same connection, things happen way faster than with FF. Switching between tabs, page rendering and all that good stuff.
I still use FF for serious browsing, but Safari is becoming rather compelling. I want the RSS menu features Firefox has though. I store my bookmarks online.
For those of you who missed it...
"Looks like Apple's issued a new version of the PUBLIC BETA of Safari.."
Good lord it's a B-E-T-A people...it's supposed to have bugs and security flaws etc. That's why you release a beta so the general public can poke and prod at your product in every which way imaginable to find things like this.
That's what they are doing.
Duh.
And yet, it still isn't open-source, so why bother?
actually, just like OSX itself, Safari is based on an open-source foundation. WebKit is the backbone of Safari, is created and maintained by Apple on a BSD-style licensing.
Really? I didn't know that...maybe one day I'll check it out, but for now, it won't have "extensions" like Firefox.
I'm on a Mac and I never use Safari (always Firefox), but I might now. There are so many sites that don't work properly on Safari, but this release makes it more of a REAL browser and hopefully more sites start recognizing that!
It's amazing how when Microsoft made Vista a public beta, any bugs that showed up, people would scream I hate you.
When Apple makes Safari a public beta, any bugs that show up, are just regarded as, "It's just a beta people. It's not final yet."
Shocking how it is, isn't it?
the whole point of a beta is to get feedback anyway. scream all you want.
@Roy:
I was just pointing out how unfair sometimes the media and some fanboys treat Microsoft and Apple. We all secretly know that people like to think Microsoft = bad and Apple = good, even though it's not always true. So I was just pointing out how in this case, it proves the theory that Microsoft just gets bad press for something, and Apple could walk away from the same situation. I'm not trying to make anyone mad here, but I'm just pointing out the obvious truth. Just to make the world open their eyes and notice a bit, ok?
I think you're right. Microsoft tends to have a bad reputation compared to Apple. For better or worse, Apple seems to be the company to love nowadays.
What a fine day for a straw man.
Safari is crap. Missing so many useful features from Firefox and Opera. No Windows users using Safari is going to switch to a Mac because of Safari. Even Mac users don't use Safari. They use Camino.
Installed it, tested it, got rid of it.
Don't know where they got the 1.5 times faster then FF.
And I just use too much of the FF extensions to be able to replace FF.
I seriously wounder why Anyone would like to use Safari on Windows, even in OS X!
The first thing I do when I install OS X is to start Safari to download Firefox, and then remove Safari. Too little add-ons and too little security.
Safari actually has fewer outstanding security issues than Firefox - on OS X at least. On Windows too at the moment, I'm sure, but there must be myriad problems that haven't been picked up yet.
Lack of add-ons is a fair criticism, but there's nothing compelling on FF from my point of view, and the much better interface and speed of Safari win out.
The thing that drew me to FF was the myriad of extensions that were featured on TechTV (G4). How quickly did I learn that:
1. Most FF themes are a distraction, hinder usability and intuitiveness
2. Most FF extensions are just novelties, there are maybe 10 worthwhile extensions
Safari has a potential to win me over from FF. At this moment, the most important matter for Safari is to match all, or most of the menus and shortcuts from FF & IE. That will be important in winning people over from both camps.
P.S: Safari's page rendering is an entire length above IE & FF.
One word: Omniweb
Oh, hold on. I didn't read your comment properly (what can I say, it's Friday afternoon here). Omniweb's no good if you want plugins.
Still, Omniweb is - to my mind - better than Safari (more full-featured) and Firefox (doesn't feel as clunky). I replace Safari, just like you, but I replace it with Omniweb.
I don't delete Safari though; why bother? It only takes up a few megs of disk space.
Oh, hold on. I didn't read your comment properly (what can I say, it's Friday afternoon here). Omniweb's no good if you want plugins.
Still, Omniweb is - to my mind - better than Safari (more full-featured) and Firefox (doesn't feel as clunky). I replace Safari, just like you, but I replace it with Omniweb.
I don't delete Safari though; why bother? It only takes up a few megs of disk space.
Oh, hold on. I didn't read your comment properly (what can I say, it's Friday afternoon here). Omniweb's no good if you want plugins.
Still, Omniweb is - to my mind - better than Safari (more full-featured) and Firefox (doesn't feel as clunky). I replace Safari, just like you, but I replace it with Omniweb.
I don't delete Safari though; why bother? It only takes up a few megs of disk space.
What the hell happened there?!
Am I the only one who is still waiting for Safari to aquire a "New Tab" button? How long is it going to take Apple to add this simple feature?
a new tab button, you mean ctrl(or apple)+t??
Middle-click on a link. Or ctrl-t if you want an epty one (sure, you have to use the keyboard but if you are opening a blank tab you would need to type an address anyway most of the time). Or, right click to the right of the last open tab.
Personally I never use the "new tab" in Firefox: I remove that button and open new empty tabs by double clicking the the right of the last tab. I wish they'd add *that* to Safari. Middle-click on a tab to close it would be handy too.
Apple gets money for every search in the google search thing i think.
Also, it is a beta so remember that. I use safari for mac over firefox. FIrefox does OWN safari in the plug in department, but when it comes to speed and interface, its better. I hate the look of firefox! BUT as the ancient saying goes: let him decide the browser he uses
If you don't like how FF looks there are hundreds of themes to change the look including a Safari theme.
I agree, the default FF theme isn't the greatest. I always use the Noia 2.0 theme; I think it's great. Search for it on the themes page, it should be up near the top as it is one of the more popular themes.
Now I'm a complete beginner on a Mac so maybe I was just never doing this right, but I like that in the Windows Safari, you can maximize the window to have it take up the whole screen.
Mike: That's actually just a difference between Windows and Mac OS X, which applies to all programs. Instead of having a window fill the entire screen, OS X's "maximize" button only expands the window enough to show its contents comfortably (which sometimes means filling up the whole screen anyway). This was just a design decision on the part of Apple's software engineers.
cs0875, you're confusing interface with appearance. Changing the appearance of an application only changes a (small) part of the interface.
As an analogy, painting a truck a different colour and adding chrome bumpers makes it look different, but doesn't make it handle like a sports car.
(Meta: Engadget, why can't I reply directly to comments that are replies to other comments? Only the parent comment has a reply link, but I want to reply to cs0875, not Luigi193.
On the Mac I've found Firefox to be slower than Safari, Text rendering is much uglier, the interface is questionable, and the add-ons are nice but they often compromise stability. I just want a quick and to the point browser and Safari works great in that regard. I'm glad Firefox is out there as an option but for some it offers little-to-no advantages.
On Windows Safari has a much different appeal and much more of an uphill battle. It's pretty obvious this move has more to do with supporting the iPhone. The iPhone, in turn, gives Safari a secret weapon in the browser wars. I'm sure Apple will start asking iPhone users to download Safari with iTunes to have "perfect iPhone compatabiity." Sneaky. Gotta love corporate synergy.
For some reason, a Mac app on Windows seems like a contradiction in terms...
kinda like how microsoft made windows media player and internet explorer for mac?
ionno that seemed like a contradiction to me too.
ya, well, im a PC guy, and i dont keep up much with mac news[this is the exception]. i know the guys down at microsoft are high half the time... but so is Jobs
Much better interface? Oh really? Does Safari allow you to press backspace and go to a previous page? The interface is pretty much useless to a Firefox/Opera user. Keep Safari where it should be. On a mac.
Faster page rendering would be good if it renders all of the pages correctly.
> Does Safari allow you to press backspace and go to a previous page?
Actually yes, yes it does.
As far as I'm concerned, Safari's prettier (both in itself and its rendering), faster, supports more advanced CSS features and is more logical. I don't want myriad add-ons, I just want to browse the web.
Oh, by the way - Safari's got the most accurate rendering of all major browsers. For instance, which browser passed acid2 first, eh? Firefox is more _compatible_, certainly - but that comes at a price for both developers and end users. Credit to the guys and gals who work on it, they do a good job.
My reasons for preferring Safari are largely subjective, which is fine. I've got no objections to anyone holding different subjective opinions ;-) But get your facts right, please...
I know its still beta, but I get faster page loads with IE, and that's really sad. Also, don't try anything Java-based (like Runescape). Something that looked like an Apple version of Java (three types of Java now?) started loading, then the entire thing crashed.
I have XP and a two monitor (Dualview) setup. If I drag the Safari window to the second display (without the taskbar) and maximise, the entire window vanishes and I have to Ctrl+Alt+Del to close the program. Not good.
I haven't even tried it on my Mac at home, as I hear it buggers up Widgets.
Try using Ultramon with your dual monitor setup. With it you can have a separate taskbar on each desktop.
Mine keeps crashing when I click the + incon or the bookmark icon in the bookmark toolbar. (winXP sp2)
Ive never used safari So iam not gonna bash it till i get my hands on a MAC which should be soon. but i seriously doubt any windows users using either FF or IE are gonna switch to a MAC just for a web browser. imagine me the convo
Bill: hi ted whatcha got there?
Jimmy: oh its my new MAN.
Bill: OH i thought u had a PC.
Jimmy: Ah yeah i did i bought this $1400 new MBP b/c i just loved the web browser Safari that APPLE had.
Bill:Our friendship is over!......ASSCLOWN
Jimmy:... : (....But it just works!
Neeko, this may come as news to you, but Safari is now available on Windows. No need to buy a MAC (sic) to use it.
damn typos...STILL FUNNY THOUGH.
Text and windows control buttons still missing on my windows PC. (as stated by others) I have not seen this addressed in Apples bug list, unless I over looked it.
Anyone find a solution to the problem of no text in both main window and buttons like forward/backward ...etc.. ?
I thought I would bring this up...In Job's Keynote the pie graph of browser market share shows the current market. His speech goes on to say how many FF downloads there are a day and compared to iTunes downloads. (If you missed it - there was a large difference) The next graph showed the market share Apple was trying to reach - the graph now has all of the other browser percentage covered but none of the IE market share. One can speculate that Apple with it's resources may be in talks to partner with Mozilla - which is a bit better than competing - for Apple. And if they were to compete with FF for market share what value would the average user (not like us tech savy) bring? Probably the next cool thing that Apple will deliver to us.
If your Safari can do what your FF does and then provide a value of better security and speed - you'll switch. Right? Everyone of us knows the answer is yes. To be forced to switch is what everyone HATES. Choice is good...web apps working differently in each browser is bad.
I am a huge fan of Apple - if you can't tell and I'm huge fan of cross OS software and cross browser web development. The day that comes when I can build a site/app using web standards and it perform like I want on every OS and browser will be awesome.
-Nickmenow
Safari is fun and all, and it's pretty freakin' fast, but I think I'll stick with FireFox. I really don't notice the .4 second difference anyway, lol.
I tried out Safari last night on my laptop with XP... I didn't really notice too much of a load time difference vs firefox, but one thing I did notice is that where firefox pixelated a resized image pretty badly, safari rendered it as if that was the original size. Hmmm. I have a laptop and a desktop, and currently both have installed Internet Explorer, Firefox, Safari, and Opera, and now I'm trying to pick a favorite of those last three.
I use a mac everyday at work and even I steer away from Safari. There have been too many occasions where Safari has stopped responding or crashed while browsing. It may be slightly faster than firefox but I have a lot more peace of mind browsing with firefox than I do safari.
Like one guy earlier said, the first thing I do now with a fresh OSX is open safari to download firefox.
Oh, and on windows, Safari is rather ugly :)
Also it disappears when you try to full screen it on a secondary monitor.
when I've tried my Safari 3.0.1 beta on my MAC. My Yahoo Messenger didn't worked right. The safari beta still needs more improvement. So I uninstall it and switch back to the stable version.
Safari need some support in Complex language
Safari need some support in complex language