In an interesting role reversal, Microsoft has issued a security bulletin telling Windows users to avoid the Safari web browser due to the carpet bombing flaw that I reported on previously. Microsoft has likely put this bulletin out because of Apple’s refusal to fix that issue along with another one that potentially has dire consequences. Or, the cynics among us would say that Microsoft is taking advantage of cracks showing in the “secure from day one” argument that Apple loves to make. Either way the optics suck for Apple as I can’t remember the last time Microsoft told Windows users to avoid installing a mainstream product for security reasons.
Let’s get down to brass tacks here. Apple needs to take immediate action and fix these flaws, plus they need to be proactive about issues and fix them no matter what they think of them. They also need to listen to those who point out these flaws, as they are only trying to help Apple out (like I mentioned here and here for example). Otherwise this sort of embarrassing situation will keep happening to Apple.
Oh, by the way. All you Macintosh Fanbois who think that you don’t have to worry about this, I’m sorry to say that these flaws exist in the Macintosh version of Safari. Something for you fanbois to think about.
UPDATE: Security Focus joined the chorus by issuing their own note on this issue.