Modern Software Experience

2008-03-26

Apple Safari 3.1

Apple Safari 3.1 continues to receive negative press. I was planning to do a quick look at the new features of Safari 3.1. Alas, the news that Apple Safari suffers from critical vulnerabilities makes these new features an almost moot point.

unsafe

Apple Safari 3.0 was found to be unsafe in a few hours, Apple Safari 3.1 is found to be unsafe in a few days since its release.

Secunia report

Secunia reporting and confirming two vulnerabilities first reported by Juan Pablo Lopez Yacubian.

One error allows memory corruption and may be exploited to run arbitrary code, the other allows displaying arbitrary content while showing the URL of a trusted site.

advice

Secunia’s rating is Highly Critical. The status of these vulnerabilities is unpatched, and their solution is "Do not browse untrusted web sites.".

I disagree with their solution, especially since the second vulnerability may lead you to believe that you are browsing a safe web site while you are not...
I recommend not using Safari at all and making darn sure that it is not the default browser, until these vulnerabilities have been patched. Practically, I recommend removing Safari to reinstall a safer version later.

links