Another flaw within Safari 3.0 for Windows beta

Posted by Robert Vamosi

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
- Google
- Newsvine
- Yahoo! Bookmarks
- Twitter
- Stumbleupon
E-mail
Print

Security researcher Robert Swiecki disclosed yesterday another vulnerability within the new Safari 3.0 for Windows beta, bringing the total of public vulnerabilities to nine. The latest flaw allows an attacker to steal a cookie. The flaw exists in the Javascript's window.setTimeout()implementation where the content timer-triggered function is processed after window.location property is changed.

In response to other Safari 3.0 vulnerabilities, Apple today released an updated version that addresses three of the nine public vulnerabilities.

Topics:: Apple,; Security

Tags:: security,; Apple,; Safari,; Windows

Bookmark:: Digg; Del.icio.us; Reddit

Recent posts from News Blog: EA Mobile, Eidos Interactive sign agreement; Sprint first to offer HTC Touch Pro; Flipping out: RIM BlackBerry Pearl Flip 8220 debuts; Sprint HTC Touch Diamond outed early; Woman to virtual ex: 'I won't be ignored!'

Add a Comment (Log in or register) 3 comments

B-E-T-A
by MadKiwi June 14, 2007 4:33 PM PDT: While it is disappointing to see so many apparent flaws appearing so quickly remember this is BETA software. Anyone stupid enough to replace their current browser with ANY beta software and then use for all their everyday browsing deserves what they get.

Safari 3 beta is NOT ready for prime time. As well as the security issues it crashes when trying to authenticate to a proxy server and, in my case, fails to load pages on our protected intranet.

I look forward to Apple getting Safari right as it has some really nice features but in the mean time it will NOT be anything but a test piece of software for me.

Finally, IMHO, this is turning out to be somewhat of a PR disaster for Apple...; Reply to this comment View reply
Processing

Safari 3.0.1 Beta fixes FIVE of the vulnerabilities
by TheBugsAttack June 14, 2007 5:15 PM PDT: The version released today (3.0.1 Beta) addresses five of the
(now) nine vulnerabilities, not three as the article incorrectly
states:

http://www.rec-sec.co.il/2007/06/12/apple-safari-for-
windows-vulnerabilities/

Look at the end of the page for the five fixed and three of the
(yet) un-fixed vulnerabilities.; Reply to this comment

Most Popular

Resource center from News.com sponsors

You Need The Speed of Norton 2009

Introducing Norton Internet Security™2009

With one-click, one-minute install, under 8MB of memory usage and fewer, shorter scans, it's the fastest security suite anywhere. Norton. Smart Security, Engineered for Speed. Get a FREE trial today!

The Fastest Security Suite Anywhere

Experience the revolutionary Norton Internet Security™ 2009. With Norton™ Insight, a new feature, you get precision security that targets only at risk files for fewer, faster, shorter scans

Win a Trip to Space!*

Enter the Blast Off with Norton Sweepstakes for your shot at a trip to space. You could experience being fast and weightless, just like the new Norton 2009. *No purchase necessary; click for full details.

FREE Trial!

Act now to get your FREE trial of Norton Internet Security 2009. Try it for the protection. Love it for the speed

Norton Safe Web NEW!

A community-based system that rates web site safety

Norton Labs NEW!

Users can download new security technologies and share input directly with developers. Help us shape our future products!

About News Blog

Recent posts on technology, trends, and more.

Add this feed to your online news reader

News Blog topics

Featured blogs

Beyond Binary by Ina Fried
Coop's Corner by Charles Cooper
Defense in Depth by Robert Vamosi
Geek Gestalt by Daniel Terdiman
Green Tech
One More Thing by Tom Krazit
Outside the Lines by Dan Farber
The Iconoclast by Declan McCullagh
The Social by Caroline McCarthy
Underexposed by Stephen Shankland
More CNET blogs »

Inside CNET News

Scroll Left Scroll Right

News - Business Tech
Week in review: Tech stocks tumble
Of course it wasn't just technology stocks that took a dive this week, but industry leaders are doing some serious worrying about what lies ahead.
Gallery
Photos: Cracking open Apple's revamped iPod Nano
News - Apple
Apple will repair MacBooks that have faulty Nvidia GPUs
Computer maker says it has determined some MacBook Pros may be affected by Nvidia graphics chip glitch, and offers to repair those notebooks at no charge.
Coop's Corner
Ellison's mantra: Spend, baby, spend
It may be hell out there, but Oracle's chief tells shareholders the company still intends to shop for more acquisitions.
Video
Sprint launches Xohm WiMax
News - Digital Media
YouTube beams up 'Star Trek' for long-form video
YouTube gets Beverly Hills 90210, MacGyver, and Star Trek in a test of longer-form video that's theatrically presented and interrupted by ads.
Video
Talking with Newt Gingrich on tech, bailout
News - Politics and Law
President signs broadband data collection bill
The Broadband Data Act encourages wider collection of information regarding nationwide access to broadband.
News - Cutting Edge
Academics sink teeth into Yahoo search service
Yahoo hopes its Build Your Own Search Service program has piqued the interest of academic researchers. Next stop: start-ups.
Gallery
Photos: Messenger returns to Mercury
Crave
Even more Samsung phones clear the FCC
Crave gives you the details on recent cell phone filings with the FCC.
Green Tech
Urban wind power inspired by ancient Persia
The shape of urban wind power continues to morph. The latest twist come from Windation, a company with a design inspired by centuries-old "wind catchers."