It’s been an interesting few days for Apple and their Safari web browser. On Monday, Apple released a PC version of Safari 3 (beta) at the 2007 Worldwide Developers Conference. But within a few hours, Internet security specialists and hackers had uncovered several bugs capable of crashing the Windows operating system as well as a major security flaw making it possible to remotely take control a PC without the owners knowledge.

Just hours after Apple made Safari 3 available for Windows, David Maynor from Errata Security and independent expert Aviv Raff both blogged about the Safari security bugs they found.

“I can’t speak for anybody else, but the bugs [I] found in the beta copy of Safari on Windows work on the production copy on OS X as well… The exploit is robust mostly thanks to the lack of any kind of advanced security features in [Mac] OS X.” erratasec.blogspot.com

“A first glance at the debugger showed me that this memory corruption might be exploitable. Although, I’ll have to dig more to be sure of that. Again, this is just a beta version. But, don’t you hate those pathetic claims?” net-security.org

At last count, 6 total bugs in Safari have been recorded despite this claim on the Safari 3 download page: “Apple engineers designed Safari to be secure from day one.”

But hell, Safari 3 is just a beta version, it’s supposed to have bugs, right?


So why did Apple decide to make their Safari web browser Windows compatible in the first place? Three reasons come to mind:

  • A cross platform web browser will encourage web developers to create web-based programs for the iPhone and make their sites more compatible for existing Safari (Mac) users.
  • A PC version of Safari is an opportunity to expose Windows users to another Apple product. Apple hopes PC users will enjoy their Safari experience and think about getting a Mac the next time they get a new computer. So far, they are off to a pretty bad start.
  • Search dollars. The little search box in the upper right corner of the Firefox web browser is a major revenue generator. Every time you use that little search box, the browser manufacturer makes money off the search ads you are exposed to when you are taken to the results page. I’ve seen reports that Firefox (an open source project) made around over $50 million dollars from that little search box in 2006 alone.

methodshop