updated 02:55 pm EDT, Wed July 9, 2008
Safari for Win. security
The Windows version of Safari did not live up to Apple claims of it being "secured from day one," a new editorial claims. A ZDNet writer argues, for instance, that Safari should not have been set for automatic file downloading by default, as this can copy malicious executables to a person's computer. While these executables might not launch by themselves, automatic downloads prevent a person from exercising discretion, and Apple later admitted that code could be executed remotely.
The editorial further argues that Safari was vulnerable to "browser fuzzing," random data input meant to detect vulnerabilities. Apple is said to have been particularly guilty in this regard, as a year prior, several free fuzzing tools were released to the public, and used in a campaign to call the attention of many browser creators.
Safari is lastly said to have the fault of storing cache and cookie files in a predictable place, making it far easier for hackers to gain access to them. By contrast, Firefox generates random names for its profile folder, and Internet Explorer saves files in random directories. Under Safari, it is said, a local XML file could be executed remotely, and used to steal all of a person's cookies while hijacking browser sessions.