Just hours after Apple released Safari for Windows and I wrote about the potential for associated exploits, multiple exploits have been released. This currently includes:
Apple Safari for Windows Protocol Handler Command Injection Vulnerability (BID 24434)Apple Safari for Windows Unspecified Denial of Service Vulnerability (BID 24431)Apple Safari for Windows Unspecified Remote Code Execution and Denial of Service Vulnerabilities (BID 24433)
Details on the first one have already been released publicly and theother two have been reportedly disclosed to Apple. We have not seenthese being used maliciously in the wild, but then again, they werejust released hours ago. We definitely expect in-the-wild usage tofollow in the future, as well as the discovery of more vulnerabilities.
This Safari release is officially a beta release. Even if thesevulnerabilities didn't exist, we wouldn't recommend using beta softwarein a production environment. Hopefully many of these bugs will bescrubbed before the official release.
Note: Apple has released version 3.0.1 of thepublic beta of Safari that corrects multiple security issues. The newversion can be downloaded from http://www.apple.com/safari/download/