Columnist: Safari Security Fails to Learn from Past || The Mac Observer

Skip navigational links

Choose text size:

You're viewing an article in TMO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site:
Columnist: Safari Security Fails to Learn from Past

Columnist: Safari Security Fails to Learn from Past

by , 2:50 PM EDT, July 8th, 2008

Three mistakes in the security design of Safari show that Apple has failed to learn from past mistakes, according to a guest editorial at ZDNet by a security team leader, Aviv Raff.

The mistakes Apple has made were compared to the ways other browsers and OSes handle the issues:

Automatic file downloading, aka, carpet bombing.
Browser fuzzing.
Predictable locations for cache and cookies.

"In conclusion, before porting the Safari browser from Mac to Windows, Apple should have looked at past browser vulnerabilities and design flaws, and really try to avoid them," Mr. Raff, a security team leader for a Fortune 500 company, said. "The examples above show that Apple didn?t learn anything from past mistakes."

What Mr, Raff failed to point out is that no known, in the wild, exploits have been traced to these issues. Even so, a healthy discussion about ways to improve security is always good, especially when it helps keep one step ahead of the bad guys.

Recent TMO Headlines - Updated December 7th

Wed, 4:49 PM: Apple Announces Powerful New User and Data Security Features
Wed, 4:43 PM: Apple Delivers New Wave of OS Release Candidates
Wed, 3:30 PM: French Group Files Complaint Against Apple Over Device Repairability
Wed, 1:14 PM: Travelin' Tim Talks TSMC
Wed, 12:34 PM: 'Disney Dreamlight Valley' Arrives for Apple Mac Sillicon Users
Wed, 12:26 PM: Two Women Sue Apple for Illegal AirTag Tracking Incidents
Wed, 12:17 PM: Apple Wins Patent Battle Against AliveCor Over Heart Rate Monitoring
Wed, 11:51 AM: Apple TV+ Lands 10 Nominations at 28th Annual Critics Choice Awards
Wed, 3:00 AM: Pricing Tools for Developers and Things We Didn't See Coming - TMO Daily Observations 2022-12-07
Tue, 5:06 PM: Apple CEO Tim Cook Says Chips Can Soon Be Stamped ‘Made in America’
Tue, 4:49 PM: Microsoft Looking Into 'Super App' to Directly Compete with Apple and Google in Search Engine Markets
Tue, 4:04 PM: Get Your Crunchyroll Anime Fix on Your Mac

© The Mac Observer, Inc. -- All rights reserved. All information presented on this site is copyrighted by The Mac Observer, Inc. except where otherwise noted. No portion of this site may be copied without express written consent. Other sites are invited to link to any aspect of this site provided that all content is presented in its original form and is not placed within another frame. The Mac Observer is an independent publication and has not been authorized, sponsored, or otherwise approved by Apple, Inc.