From the “We told you so” files: Universal security bugs discovered in Safari 3 beta
Posted by Dr. Macenstein
When we first posted our conspiratorial thoughts on Apple’s motives for releasing the Safari 3 beta, our readers were extremely vocal. While many agreed with our theory that Apple was hoping the larger Windows hacker population would help find bugs and security holes in the Safari browser before the iPhone makes its debut next week, there were just as many who called us idiots. As faithful Macenstein reader Chris put it:
“The holes that security analysts (I hate the frequent misuse of the term “hackersâ€) have found on Safari on Windows have absolutely no relevance to the iPhone. As somebody has already pointed out, the iPhone runs a variant of Mac OS X with a variant of Safari. How one could make the intellectual leap from Windows to iPhone is beyond me.”
Well, here we are a week later, and while we won’t argue that we’re idiots, Apple has released a new Safari beta (v3.0.2) update for BOTH Windows and Mac OS X. And guess what? The description of both reads:
-Latest security updates
-Improved stability
It would seem there ARE indeed Safari security exploits to be found that are universal in nature. These exploits will presumably affect the version of Safari found in the upcoming iPhone as well. Additionally, Apple today released Security Update 2007-006, which patches two vulnerabilities in WebKit (used by Safari), one of them extremely critical.
A week ago we thought the timing of the beta’s release was extremely suspect, and we still do. We thought the near instant turn around time between the bug reports and the subsequent patch releases were equally suspicious (TWO updates in ONE WEEK?). In fact, the entire idea of Apple releasing beta software at all is suspicious. We can’t remember the last time Apple released beta software of ANY application, let alone of the software which will pretty much be responsible for the success or failure of the most hyped device to ever launch. (Well, I suppose they DID release a beta of OS X 6 years ago, but they made us PAY THEM to test that.) It is apparent to us that Apple realized it would need a little extra help doing the QC on this one. Even ZDNet thinks we might not be smoking crack here.
I suppose the real proof in will be when all those lucky iPhone buyers go to sync their iPhones for the first time next Friday. I’m betting $6 that the first thing that will pop up is a Safari update, seeing as the iPhones are no doubt already boxed up with the pre-patched security plagued version of Safari. Who wants to take that bet?
(Oh, and for the record, Chris, out of the 8 bugs that were discovered in the first 24 hours of the beta’s release, some were indeed cross platform).
I actually thought this too.
OK….so after fixing safari 3 beta download with help from previous answers on another thread (frameworks and private frameworks files) I have downloaded the update to safari 3 thinking this may resolve issues I still have with dashboard not working 100%. This only made matters worse with dashboard client automatically quiting everytime it is launched. To combat this I uninstalled Safari 3 beta using its uninstall pkg and am now running safari 2.0.4 but I am still having problems with dashboard with no other app’s crashing on me…yet! Please could someone advise on how to rectify this problem as I am unsure as to how to fix it. If it helps I have gone into the system library and have found two files that MAY be in the wrong locations, they are: Extensions.kextcache and: Extensions.mkext Any ideas would be gratefully received!
Dr. Mac is on the right track, but it’s not just bug flushing that Apple is after. The reason Apple released Safari for the PC is to create a larger user base that will in turn create demand for websites to become Safari/Webkit compatible, and in turn, be compatible with the iPhone’s browser.
Don’t forget, Boot Camp is a beta…. 😉