As Apple rolled out the Safari Web browser for Windows at its World Wide Developers Conference, some one should have asked if it had been tested by real-world Windows users. It turns out that not 3 hours after its release, a major security issue was discovered — and discovered quite easily.
Thor Larholm, a Web app developer, from Denmark unearthed a command line security hole within 2 hours of installing Safari.
Apple’s Web site touts, “Apple engineers designed Safari to be secure from day one.” As Larholm explained on his blog, that may very well be correct: Its engineers obviously designed Safari to take advantage of security protocols in the OS X operating system, as evidenced by function calls to those protocols Larholm located inside the source code for the Windows version – calls which would obviously go unfulfilled.
“On the OS X platform,” he continued, “Apple has enjoyed the same luxury and the same curse as Internet Explorer has had on the Windows platform, namely intimate operating system knowledge.”
In short, this does not bode well for Apple or Safari.
I recommended downloading and giving SafariWin a try — as it turns out, you may be come part of their “Beta Bug Team”! You can send all your reports to Cupertino and I’m sure they will plug up the security holes and breaches quickly, but you have to ask the question, “Has the real damage already been done?”