<div><font face="">[ Note, I was going to hold off releasing this text for a few days... but as I said below, I'm not the only one to find these bugs. Currently, trying to establish how much cross-over Maynor, Aviv & myself have on these. ]
</font></div>
<div><font face=""></font> </div>
<div><font face="">I've never really been interested in looking for security bugs in Apple products. But recently I decided I'd buy a Macbook Pro when I return to Uni after holidays next month. I love the hardware design, and they have some great feature. I waited out until after Steve's impressive keynote at WWDC yesterday to make sure I didn't kick myself for getting an end-of-revision model, and low and behold a Safari
3.0 Beta was released. </font></div>
<p><font face="">Below are scant details on two memory corruption bugs inside Apple Safari, found approximately 6 hours after Safari 3.0 Beta's release. They have both already been reported to Apple in the manner they request (
</font><a href="mailto:product-security@apple.com"><font face="">product-security@apple.com</font></a><font face="">). I'm going to refrain from using the abused buzzword '0day' to describe them. They aren't particularly difficult bugs to find and there are plenty of other very intelligent, clever people who could also find these bugs, and may have already. I won't release windbg output or stack information publicly, but remote code execution appears possible.
</font></p>
<p><br><font face="">Crash 1:<br>md5: 4a28b6fdc557b346db365c467dcf958f<br>sha1: 45d82277f1975feff0b9d385393420d0f9a256cf</font></p>
<p><font face="">Affected<br> Safari 3.0 (522.11) Mac OS X 10.4.9 (PPC)<br> Safari 3.0 (522.11.3) Windows Vista<br> Safari 2.0.4 (419.3) Mac OS X 10.4.9 (Intel)<br> Safari 2.0.4 (419.3) Mac OS X 10.4.9
(PPC)</font></p>
<p><br><font face="">Crash 2:<br>md5: 9a99eb9c276fe40ebb721fbec4f6cdb9<br>sha1: 607cdcac55dc6e6c44ad5906b1095bf5340e206c</font></p>
<p><font face="">Affected<br> Safari 3.0 (522.11.3) Windows Vista</font></p>
<p><br><font face="">I don't want this to become hyperbole fuel in a zealot blog flame war, but I'm a realist & so I've got to expect that this will occur. Frankly, it is easier to find new software vulnerabilities in Apple rather than Microsoft products these days. The many talented people at Microsoft (MSRC, Michael Howard, Dave Ladd, SDL team et al) have really improved the quality of the code MS produces. Apple you are a long way behind Microsoft on security, and I wish you'd stop releasing blatantly misleading adverts saying otherwise. There are positives, take note Steve Jobs, if Apple consciously decided to pursue a program of improving their ability to write secure code I believe great strides could be made. Your customers would appreciate it.
</font></p>
<p><font face="">If you are a Windows user and want to keep your computer secure, don't install this piece of Apple software yet. If you're a Mac user, I'd suggest browsing in Firefox, or perhaps telnet until patches are released by Apple.
</font><font face=""> </font></p>
<p><font face="">- Rhys</font></p>
<p><font face="">PS. To Apple PR: I am not interested in publicly trading insults with you tit-for-tat. Like you I am a reasonable person, who undertook this work for free, I don't expect any reward from Apple other than a better browser; which all the Internet community benefits from. Your Engineering department has already confirmed these bugs really exist. I did not 'break' Safari, it was already broken when you chose to release it to the public. I will not release further technical details publicly until you have shipped patches, or in the eventuality that you do not wish to fix these bugs.
</font></p>