Is Apple using the Windows Safari Beta Test to stamp out iPhone security holes?

June 15, 2007 by Dr. Macenstein
Filed under: Opinion, Rampant Speculation, iPhone 

Posted by Dr. Macenstein

Within hours of Apple releasing the Safari 3 beta for Windows, computer geeks from around the world began pointing out various security holes in the browser. The most notable computer geek being David Maynor ( he of the infamous MacBook Wi-Fi exploit) who found a number of potential denial-of-service attack executions in the beta. A day later Apple released a security patch addressing a handful of the largest of these exploits.

With the iPhone’s launch a mere 2 weeks away, this got me to thinking. The iPhone has a “full version” (minus Flash support, apparently) of Safari running on it. Apple has repeatedly said it does not want developers writing “real” apps for the iPhone due to security risks for cellular networks.

Is there a chance Apple is hoping that by releasing a beta of Safari for Windows, it can let the hacking community do its QC work for it?

Having a successful, bug-free launch for the iPhone means a great deal to Apple. On the other hand, being the first to exploit a vulnerability in the iPhone that brings down AT&T’s entire network means a great deal to any hacker worth the title.

The speed with which Apple posted the first rounds of Safari updates indicates to me that Apple fully expected holes to be found, and made sure they had a team ready to quickly tackle any issues that may have arisen. Apple is usually pretty fast in responding to known security exploits, but not that fast. In the past it has usually taken them about 2-3 weeks to plug a reported QuickTime hole.

Some people feel Apple released the Safari beta for Windows users in order to entice more of the global (ie, non-Mac) programming community to consider writing apps for the iPhone. However, since Jobs mentioned that the iPhone apps are pretty much just Ajax code, this seems like a lame argument. I’m pretty sure the 5000 or so developers who attended the WWDC can handle writing the various “get movie times” and “find lowest gas prices near me” iPhone apps that Ajax can give us. No need to bring in extra programming help for what essentially many high school kids are being taught how to do.

So, is it possible that Apple is using the beta to close as many holes as it can leading up to the iPhone’s launch? With so much of the iPhone’s success relying on Safari, I wouldn’t be surprised.

Every time you submit our site, an Angel gets its wings.
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • MySpace
  • NewsVine
  • Slashdot
  • StumbleUpon
  • Technorati
  • Yahoo! Buzz
  • Fark
  • Spurl

Tags:

Comments

21 Comments on Is Apple using the Windows Safari Beta Test to stamp out iPhone security holes?

  1. Rick on Fri, 15th Jun 2007 11:37 am

    2. But iPhone uses OS X and OS X Safari, no? Or is Safari 3 the same on all platforms? If that’s the case, programming for iPhone is diddley-squat because Apple will have suddenly made programming platform agnostic.

    Doubtful.

  2. Neon Noodle on Fri, 15th Jun 2007 11:37 am

    3. hmm… well, how many of those holes they found in the windows version apply to the Mac Os? Because that’s what the iPhone is running. Although I guess some universal problems they found like javascript code stuff would apply. Hackers are amazing, when you think about it, maybe even cooler than the people who think up the apps in the first place, are people who can look at an app and see where someone f’d up.

  3. Neon Noodle on Fri, 15th Jun 2007 11:39 am

    4. ha ha, Rick, we must have posted at the same time! great minds, and such.

  4. Charles on Fri, 15th Jun 2007 11:53 am

    5. Although Rick and Neon are correct in that bugs have only so far been found in the Windows version of Safari, that doesn’t mean that Apple isn’t expecting a few Mac OS X Safari bugs to be found, and figures that releasing a Windows version means there will be that many more hackers looking at it.

  5. Patrick on Fri, 15th Jun 2007 12:23 pm

    6. Not to sound jerkish, but last I checked, your theory is one valid purpose of a beta: to find and plug holes.

  6. Dr. Macenstein on Fri, 15th Jun 2007 12:41 pm

    7. Absolutely Patrick,

    But what I am saying is I think the timing of the beta seems suspect. Apple is likely specifically attempting to get the much larger Windows community of developers to debug Safari so the iPhone will be secure at launch (or soon after) by discovering the bigger, more obvious holes now. Apple is not simply trying to make a nice looking, secure Windows browser.

    -The Doc

  7. Geniver on Fri, 15th Jun 2007 1:50 pm

    8. Many critics have pointed out that Safari for Windows is not Windows enough for Windows users. I think THAT is the point.

    The Safari for Windows UI is like the Safari for Mac UI; also like the Safari for iPhone. Windows users planning to buy an iPhone need to learn Safari.

    That means Apple had to release Safari for Windows BEFORE the iPhone - ready or not.

  8. Rowlings on Fri, 15th Jun 2007 2:57 pm

    9. Geniver, I don’t think that’s it.

    The version of Safari on the iPhone looks a hell of a lot different from both the Mac/Windows versions. It is blue, doesn’t seem to have tabs, only the “+” and bookmark symbol seem to be the same, and they are in different locations than “the real” Safari. I think both Mac and PC users will have the same amount of “trouble” adjusting to it.

    Plus, what is there really to get used to in safari, as opposed to any other browser? Once you understand the basic concepts of tabs, bookmarks, etc., all browsers are the same.

  9. Way Cool Jr. on Fri, 15th Jun 2007 7:20 pm

    10. now that you mention it, why IS Safari’ UI all blue on the iPhone? Why not match leopard?

  10. Dave-O on Fri, 15th Jun 2007 9:26 pm

    11. It was the Cuban on the grassy knoll.

  11. not a hacker on Fri, 15th Jun 2007 10:00 pm

    12. Well, since Safari for windows will communicate with the iPhone via iTunes syncing, odds are Safari is as good a place as any to look for a way into the iPhone. Web browsers are inherently the easiest way into a computer system.

  12. Dlink on Sat, 16th Jun 2007 9:32 am

    13. Does anyone else think that apple is trying to create a write once use on Windows and Mac platforms? Maybe another checkbox in XCode that will compile for Windows not just Intel or PPC Mac. Just a thought

  13. Markus Bradley on Sat, 16th Jun 2007 9:33 am

    14. Oh my god. This is the most trite crap I think I’ve ever had the misfortune of reading over the internet.

    Apple did 9/11!!!!!!

  14. Chris on Sat, 16th Jun 2007 9:35 am

    15. The holes that security analysts (I hate the frequent misuse of the term “hackers”) have found on Safari on Windows have absolutely no relevance to the iPhone. As somebody has already pointed out, the iPhone runs a variant of Mac OS X with a variant of Safari. How one could make the intellectual leap from Windows to iPhone is beyond me.

  15. Robert on Sat, 16th Jun 2007 9:59 am

    16. Although the iPhone may be running on OS X, the cellular networks are probably running Windows, or some weird Linux variant, but more likely Windows.

    Since it is AT&T feeding the phone the internet signal, so any exploit could potentially take down the entire cell phone provider.

    I think it’s less of a matter “what can you do to the phone”, seeing as Phones are pretty minimalist devices, a virus will have a hard time crippling a cell phone, however it is a question of “what can the phone do to the provider”

  16. Puiz on Sat, 16th Jun 2007 10:08 am

    17. Safari for Windows has a different set of vulnerabilities from Safari for Mac. Besides, porting Safari to Windows must have been a huge task, not something you’d do for a two-week test run. Let’s just say you were thinking out loud. Interesting theory, but I think it just happens to be wrong.

  17. Johnathon Womback on Sat, 16th Jun 2007 10:22 am

    18. Apple just released a very very crappy product. When Microsoft does this we call them on it, and the same should be true for Apple or any other company. Let’s call a spade a spade..mmkay?

    Safari isn’t even good enough for its native OSX, so why even bother porting it to Windows or Linux.

  18. Mike on Sat, 16th Jun 2007 11:36 am

    19. This article is way off, they arent concerned about security holes…but the release was definately iPhone related. Its been announced that ALL the third party applications will use and be developed using the Safari platform…so obviously they released Safari on Windows so that Windows users who buy the iPhone can actually DEVELOPE and take advantage of iPhone APPS!!!!

    It has nothing to do with a browser war, i would even venture to say that they don’t give a shit about Safari market share that much. They just want everyone to be able to A. develop, and B. access new apps for their iPhone.

  19. josecalvo on Sat, 16th Jun 2007 5:34 pm

    20. Talking about iPhone failures. Have you seen the Iphone advertisement?. In one shot a guy is holding the iphone and seconds later they change it to a guy with bigger hands to make it look smaller. Pretty tricky, but not enough!

  20. Michel J. Grenier on Sat, 16th Jun 2007 11:29 pm

    21. Will iPhone be able to run Skype?

  21. QA on Mon, 17th Nov 2008 1:04 pm

    22. Yes! Skype for iPhone will be released. I think they’re going to do it at the same time that free energy, UFO technology, and Rife machines are disclosed to the public.

Tell me what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!





Contest

Advertisement

Product Reviews

  • IntelliSchool Free is released - Free open source school database system

    • Our Finest Moments

    Where are they now? Interview with Switcher Girl Ellen Feiss

    Review: The iCar by Corgi - Possibly the worst iPod accessory EVER

    Apple blames iPod nano screen defects on obese Americans/tight pants

    Using Safari can slow your system down as much as 76% vs Firefox

    Donate Now

    iPhone Feature Request

  • Categories:

    • Advertisement