Columnist: Safari Security Fails to Learn from Past

by , 2:50 PM EDT, July 8th, 2008

Three mistakes in the security design of Safari show that Apple has failed to learn from past mistakes, according to a guest editorial at ZDNet by a security team leader, Aviv Raff.

The mistakes Apple has made were compared to the ways other browsers and OSes handle the issues:

  1. Automatic file downloading, aka carpet bombing.
  2. Browser fuzzing.
  3. Predictable locations for cache and cookies.

"In conclusion, before porting the Safari browser from Mac to Windows, Apple should have looked at past browser vulnerabilities and design flaws, and really try to avoid them," Mr. Raff, a security team leader for a Fortune 500 company, said. "The examples above show that Apple didn?t learn anything from past mistakes."

What Mr. Raff failed to point out is that no known in-the-wild exploits have been traced to these issues. Even so, a healthy discussion about ways to improve security is always good, especially when it helps keep one step ahead of the bad guys.