Apple updates Safari for Windows to patch bugs

Apple today released an updated version of its Safari web browser for Windows to fix security holes researchers discovered soon after Monday's unveiling of the beta.

Safari version 3.0.1 corrects at least three "critical" vulnerabilities that could permit remote attackers to launch a DoS condition or execute arbitrary code, according to a FrSIRT advisory released today.

The fact that flaws were discovered hours after the beta went public is not surprising, Rob Ayoub, industry manager for research firm Frost & Sullivan, told SCMagazine.com today.

"The Windows researcher community is more active and they’re more familiar with some of the fuzzing technology (used to find vulnerabilities)," he said. "It does send some message to Apple that they have to have a more solid testing procedure in place. Had this been an actual release, I think it would have been pretty disastrous."

One of the flaws is caused by an input validation error when processing URLs, another is related to a memory read error that occurs when processing malformed data. The third is caused by a race condition when processing JavaScript, according to FrSIRT.