Symantecis latest Internet Security Threat Report, which has been coming out twice a year since 2002, shows a dozen bugs found for Appleis Safari Web browser during the first six months of 2006, up from six bugs uncovered in the second half of 2005. In contrast, Mozilla open source browser bugs jumped from 17 to 47, and Internet Explorer bugs increased from 25 to 38.
"There is no safe browser," Vincent Weafer, senior director with Symantec Security Response, told Macworld UK. He noted that 3Com and Verisign are among the companies paying for information about browser exploits, which is part of the reason for an increase in bugs overall. In addition, there is a "growing black market for exploits."
Marc Maiffret, chief technology officer with eEye Digital Security, added: "Everyone has realised that targeting the applications on the desktop is a better way to break into businesses and consumers and steal things than server flaws."
Symantecis report also found that Apple is taking longer to patch Safari bugs: five days, on average, in the first half of 2006, compared to zero days in the last six months of 2005. In the same comparison, Microsoft decreased its patch development time from 25 days to 10. Mozilla bugs were patched within a day of being disclosed from January through June of this year, while Opera took two days to patch its browser flaws.