Apple updates Safari for Windows to address flawsBy Justin Mann
No less than two days after Apple release Safari for Windows, many independent security researchers had discovered numerous flaws in the browser, which ranged from denial of service to potential compromise. Apple is moving fast to compensate for these flaws, with the release of a beta version that fixes several problems.
The 3.0.1 update for Safari on Windows will fix three different issues:
The updated version patches CVE-2007-3186, a command-injection vulnerability that may lead to arbitrary code execution; CVE-2007-3185, an out-of-bounds memory read issue that may lead to an unexpected application termination or arbitrary code execution; and CVE-2007-2391, a race condition that may allow cross-site scripting.
At first, it was speculated that perhaps the flaws could also be exploited under OS X. According to them, however, it affects only Safari running on Windows. You can of course now download the update if you so wish. To compete with Firefox and IE in the Windows realm, they'll definitely need to maintain this type of vigilance. So far, most have been unimpressed by Apple's move.