Updated Safari for Windows improves security

Apple has released Safari Beta 3.0.1 for Windows, an update to their recently-introduced Web browser for Windows XP and Vista. The new version is available for download from Apple’s Web site or through the “Apple Software Update” application (bundled with QuickTime or iTunes for Windows).

Apple CEO Steve Jobs introduced Safari for Windows near the end of his keynote presentation during this week’s Worldwide Developers Conference (WWDC) in San Francisco, Calif. Apple is releasing Safari for Windows in the hope of growing its market share in the browser market. Some market research pegs Safari in third place behind Firefox, with only the Macintosh market using it.

“Apple issued an update to the Safari for Windows public beta today to fix the security vulnerabilities that were reported earlier this week. Safari updates are delivered to beta testers through Apple’s Software Update Application,” an Apple spokesman told Macworld .

The public release of Safari 3 is a beta version — Apple has released it for trial purposes, with the intent of gathering feedback prior to its release. More details are available from the Web site.

The security improvements in Safari Beta 3.0.1 include correction for a “command injection vulnerability,” corrected with additional processing and validation of URLs that could otherwise lead to an unexpected termination of the browser; an out-of-bounds memory read issue; and a race condition that can allow cross-site scripting using a JavaSscript exploit.

Apple notes that these security issues to do not affect the Macintosh version of Safari 3.

Editor’s note: Updated with statement from Apple.

Subscribe to the Apple @ Work Newsletter

Comments