In the last day there has been a number of vulnerabilities disclosed by researchers against the newly released Safari for Windows. The first was Dave Maynor’s full disclosure then came Aviv Raff’s disclosure and finally today Thor Larholm disclosed his vulnerability. Thor’s is probably furthest along in being an actual working exploit. Not a good day for Safari.
Probably the most interesting part of this is Dave Maynor’s reasons for going Full Disclosure. He doesn’t talk about it much on his blog, other than this little quip, “Keeping with our disclosure policy, we do not report bugs to Apple.” Apple has had a long history of bad dealings with security researchers, and they are now seeing a backlash amongst the security community. No surprises though, you get what you ask for. It pays not to make enemies in this business.