For the second time in as many weeks, Apple had to seal some security holes in Mac OS X and the new beta of its Safari Web browser. This time, the fixes are for a memory corruption flaw attackers could exploit to hijack a Mac, and a cross-site scripting flaw attackers could exploit via phishing sites to steal usernames and passwords.
The fixes come after vulnerability researchers jumped at the chance to find flaws in Safari for Windows the moment the beta was released. Apple has already issued a security update for some of the problems researchers uncovered.
Apple has come under increased scrutiny in recent months from vulnerability researchers unhappy with the company’s response when bugs are reported. Vulnerability researcher Aviv Raff recently told me that it’s always easier to make fixes when a program is still in beta, and that he doubts Apple’s fast response is a sign that it is turning over a new leaf.
He said he didn’t report his recent Safari finds directly to Apple “because of my knowledge on how they treat security researchers.” A good example was the last security advisory, he said, adding, “There was no credit for any of us.”