The Mac Observer


Columnist: Safari Security Fails to Learn from Past

by , 2:50 PM EDT, July 8th, 2008

Three mistakes in the security design of Safari show that Apple has failed to learn from past mistakes, according to a guest editorial at ZDNet by a security team leader, Aviv Raff.

The mistakes Apple has made were compared to the ways other browsers and OSes handle the issues:

  1. Automatic file downloading, a.k.a. carpet bombing.
  2. Browser fuzzing.
  3. Predictable locations for cache and cookies.

"In conclusion, before porting the Safari browser from Mac to Windows, Apple should have looked at past browser vulnerabilities and design flaws, and really try to avoid them," Mr. Raff, a security team leader for a Fortune 500 company, said. "The examples above show that Apple didn't learn anything from past mistakes."

What Mr. Raff failed to point out is that no known in-the-wild exploits have been traced to these issues. Even so, a healthy discussion about ways to improve security is always good, especially when it helps keep one step ahead of the bad guys.

Observer Comments

Name: Guest
Subject: I don't see any problem with Apple's security record

I don't see anyone taking advantage or having any public break-ins. What does predictable cache and cookies mean? All browsers have those, that's nothing new. Has the Mac ever been remotely compromised? NO. Apple corrects all issues it sees especially security ones. It certainly responds quicker than Microsoft.

Name: Guest
Subject: I think he's referring to the Windows version

of Safari. He's saying that it contains basically the same vulnerabilities other Windows browsers are notorious for, none of which affect the Mac thanks to OS X. Herein lies one of the dangers of developing cross-platform, though I agree that security is a good thing to be discussing all across the board.
