Safari 3.1 For Windows Violates Its Own EULA, Vulnerable To Hacks

recoiledsnake writes "The new Safari 3.1 for Windows has been hit with two 'highly critical'(as rated by Secunia) vulnerabilities that can result in execution of arbitrary code. The first is due to an improper handling of the buffer for long filenames of files being downloaded, and the second can result in successful spoofing of websites and phishing. This comes close on the heels of criticism of Apple for offering Safari as a update for approximately 500 million users of iTunes on Windows by default, and reports of crashes. There are currently no patches or workarounds available except the advice to stay clear of 'untrusted' sites." Further, Wormfan writes "The latest version of Safari for Windows makes a mockery of end user licensing agreements by only allowing the installation of Safari for Windows on Apple labeled hardware, thereby excluding most Windows PCs." Update: 03/27 17:23 GMT by Z : Dave Schroeder writes with the note that the license has been updated to correct this mistake.

It has begun...

[muffen]

Guess this article was right! [slashdot.org]

Acidity

[n3tcat]

So Acid 4 will include security tests too now, right?

Re:It has begun...

[Divebus]

"The latest version of Safari for Windows makes a mockery of end user licensing agreements by only allowing the installation of Safari for Windows on Apple labeled hardware, thereby excluding most Windows PCs."

Damn! Now, where did I put those Apple stickers?

I wonder...

[Fenice]

...if Apple can sue itself for proposing illegal installs of safari on windows?

Re:Acidity

[MooseMuffin]

Yes. You pass if the website renders correctly. You fail if the website owns your machine.

Re:It was bound to happen

[mwvdlee]

Only if the firstborn is female, and you don't need to send any for the first 18 years.

Fine by me

[asc99c]

My iPod came with a big Apple sticker which for some reason I did stick on my PC. Guess I'm OK to use Safari then.

Re:Fine by me

[AioKits]

My iPod came with those as well. Too bad there was not enough space left on my laptop after the Mozilla folk were nice enough to give me a sheet of Mozilla stickers for purchasing a few t-shirts and a laptop tote...

Switch?

[blankoboy]

Sheesh, I'm on the verge of finally switching from Microsoft to Apple (just been waiting on the new rev of the Mac Mini to appear) and they go and pull the funny business of trying to slip Safari on to Windows desktops that use Itunes. On top of that there is now this report of the security flaws found in Safari. So now Apple is carelessly pushing a security risk browser onto unsuspecting client PC's. This is really underhanded and has be getting cold feet. Ubuntu perhaps....then?

Apple, these sort of tactics really are not necessary. Don't take the low road please...you can win it by going on the high way.

Profit?

[crt]

Step 1: Install Safari on millions of unsuspecting Windows PCs
Step 2: Sue non-Mac owning PC users for violating EULA
Step 3: ???

Yet more proof

[an.echte.trilingue]

Yes. You pass if the website renders correctly. You fail if the website owns your machine.

Yet another "standards" test designed to make IE fail. This is just more proof that the W3 has it out for Microsoft.

Re:You keep saying that word....

[Daimanta]

I am a naturalist and I don't wear any clothes you insensitive clod!!

Nobody reads them

[Zelos]

Proof that nobody reads EULA, not even the people that write them?

More likely, some tired programmer just copied the string resource across from another project without checking it.

Re:It has begun...

[mini me]

It is just a oversight. They forgot to change the EULA

So, I think we can safely assume that they just forgot to change the same clause in the EULA for OS X also.

Re:You keep saying that word....

[Nursie]

Not only did I get the point. I had a chuckle at the idea of naked naturalists, hanging out (literally) in the forest trying to spot wildlife...

Re:You keep saying that word....

[Nursie]

You can be both! You can be both!

Re:It has begun...

[grahamd0]

If Safari becomes the default browser on these systems, you end up with critical vulnerabilities in a browser installed on non-tech-savvy individuals' computers.

Good god, man! We've got to get them back on Internet Explorer!

Re:It has begun...

[bpsbr_ernie]

I was thinking the same thing. Perhaps, they will push OSX out in the next iTunes update.

Re:Actually

[jtev]

You mean, like.... Ummm.... I'm thinking here.... Windows Media Player for mac? That would be the sort of vindictive thing that would be awesome for MS to do in my not so humble opinion. Bonus points if they "forget" to fix their licence, and say that it has to be run under windows.

Found 'em

[GameboyRMH]

They're all over the place:

- Stuck to the back glass of pickups
- Stuck to the back glass of poorly maintained econo-cars
- Stuck to teenage girls' bedroom/dorm doors
- Stuck to teenage girls' binders and backpacks

Good luck getting them back...

Re:It has begun...

[swb]

When the very first Blue & White PowerMacs came out, the print studio at the ad agency I worked for was totally pumped for their machines -- they had been sucking it up using beige G3s and even older PPC Macs.

Since my job was prepping the machines for install in the studio, I decided to pimp the studio people by putting an "Intel Inside" logo over the Apple logo; of course the machine was for the Mac zealot in the group who was super pissed that the logo was there and that he couldn't figure out how to remove it.

I caught hell for doing it, primarily because it took major surgery and a ton of time to put the stupid thing in there and I didn't get some other tasks accomplished.

Re:It has begun...

[erc]

I used to work for Sun back in the early 90's, when Linux was first getting off the ground. We had finally gotten X to run under Linux, and so I figured I'd see what it would do on a 386SX/25 laptop with 16MB of RAM. It was pretty slow, but as long as I wasn't doing anything it was fine. When the screensaver kicked in, I saw the traditional Sun logo, and that gave me an idea for a prank.

I went down to engineering and got one of the old metal Sun logos, the ones that used to be on the front of Sun-2 boxes, and put it over the logo of the laptop, fired it up in my office, and waited for the first victim to wander by. A while later, one of the senior software developers walked into my office to ask me something, and spied the laptop with the Sun logo and the screensaver running with the Sun logo on it. "How'd you get a Sparc laptop? I didn't think they were in production yet!" I have lots of friends ... [chuckle]...

It didn't take long for the prank to be found out, but it sure was fun for a while... :)

Reminds me of the time that I got Wine running under A/UX (Apple's version of UNIX, SVR4 flavor) - I was working for Apple at the time, and it was fun to see people's faces when they'd come by and see the Windows logo on the screen on what was obviously a Mac, but that's a story for another time. Sure was a fair bit of work, but it worth the prank value... :)

Re:Hardly surprising

[Anonymous Coward]

That "spyware" service you refer to is just a notifier to open iTunes when an iPod is connected. That's all it does. It's hardly malicious, and it doesn't report to Apple what you do with your computer.

Yeah, but having that program poll the bus once every ten seconds or so is seriously infringing on the 4.8 BILLION operations a second that his computer is capable of doing. Do you realize just how much percentage-wise that is?!?!?

Re:It was bound to happen

[rthille]

Either you're really young, or you haven't been around any 18 year old girls lately. God they are insipid...send me a nice "at the peak of my sexuality" 30 year old instead any day!

Re:It has begun...

[mrbluze]

Anyways, going back to the article, I think the EULA is just a mistake and believe they will correct it. It does however bring up a valid point about the usefulness and legalities around EULA's.

Any EULA is basically saying:

• This software is mine, so piss off!
• If you use it, it's your stupid fault, so piss off!
• You can't sue me but I can sue you, so piss off!
• Oh, and by the way, piss off!

Re: "It" has begun...

[WaltFrench]

Considering ... the aggressive way their software "takes over" your computer...

Good Lord! Apple has hacked Windows' security so it lets Apple software mod the Registry to determine which app starts when you double-click a URL?

They're more malicious than I could ever have imagined!!! Soon, all these machines will be filled with all the spyware, viruses, trojans and etc that Apple is notorious for hosting!

Re:It has begun...

[Divebus]

I got two Apple stickers with my copy of Leopard. Time to check out that box again!

No wonder I didn't see them! They were in with the documentation!

Re:It has begun...

[flosofl]

I had two, and I put them on a large stone block and my printer. Anyone know how to install safari on a printer?

No, but I did manage to get it installed on a medium stone block. I'm sure the steps I used can be scaled up to your large one. Page renders are very crisp, but refresh takes forever.

Re:It was bound to happen

[Rary]

This is Slashdot. Odds are he's never been around any female not called "Mom".

Re:You keep saying that word....

[gstoddart]

I am a naturalist and I don't wear any clothes you insensitive clod!!

Chill, don't get your knickers in a twist.

Err ... wait. :-P

Cheers

Re:It has begun...

[Kjella]

I used to work for Sun back in the early 90's,

Reading the rest of your post, I'd say you were employed by Sun back in the early 90's.