Researchers find Safari bugs just hours after Windows release

Bug hunters have claimed numerous flaws in Apple's Safari web browser just hours after its release for Windows.

Less than a full day after Safari version 3 beta was released for Windows and Mac, researcher Thor Larholm revealed a "fully functional command execution vulnerability, triggered without user interaction simply by visiting a website."

Larholm released proof-of-concept code for the flaw on his website today.

"Given that Apple has had a lousy track record with security on OS X, in addition to a hostile attitude towards security researchers, a lot of people are expecting to see quite a number of vulnerabilities targeted toward this new Windows browser," Larholm said on his website today.

David Maynor, founder and CTO of Errata Security, said Monday on the company’s blog that researchers found a number of bugs in the beta that also work for the OS X version.

"I’d like to note that we found a total of six bugs in an afternoon, four DoS and two remote code execution bugs. We have weaponized one of those to be reliable and it’s different than what [Larholm] has found. I can’t speak for anybody else, but the bugs found in the beta copy of Safari on Windows work on the production copy of OS X as well (same code base for a lot of stuff)," he said. "The exploit is robust, mostly thanks to the lack of any kind of advanced security features in OS X."

An Apple representative could not immediately be reached for comment.