Apple loves to brag about Safari’s security by saying “Apple engineers designed Safari to be secure from day one.” (Go to www.apple.com/safari and click on security on the left side). But people keep finding holes in the browser that according to some are really serious.
Take Nitesh Dhanjani for example. He’s a security researcher who found three vulnerabilities in Safari and reported them to Apple. They in turn said that they would only fix one that they considered to be critical. As for the other two? He was told that Apple will look at them, but they will not do anything about them at this time. It’s a good thing that he wrote about these two issues in his blog for all to see. I’m guessing that Apple will do something about them now that they’re in the public eye.
If you take a look at these issues, these are things that according to him things that other browsers handle but Safari does not. So one could argue that Safari is lacking in some functionality that Internet Explorer and Firefox have. That bothers me. That’s also the reason why Firefox has been my default browser on my MacBook Pro for as long as I’ve had the machine. It appears that something I said in this blog some time ago is coming true. Apple is making decisions that makes that “more secure than Microsoft” aura disappear. Which means that all the momentum that Apple has been gaining is at risk. All it takes is one high profile exploit using one of those issues (or some other issue that we know nothing about) for things to come tumbling down around them.