Apple has released an update to the beta of its Safari 3 browser for Windows that repairs three vulnerabilities.
Two of the repaired flaws could allow an attacker to take control of a system. A third exposes the user to a cross-site scripting vulnerability that could lead to disclosure of confidential information.
One of the repaired vulnerabilities was discovered by Thor Larholm, although Apple did not credit the researcher.
"Given that Apple has a lousy track record with security on OS X, and a hostile attitude towards security researchers, a lot of people are expecting to see quite a number of vulnerabilities targeted at this new Windows browser," he wrote when he disclosed his vulnerability in a blog posting on Tuesday.
In another posting on Thursday, Larholm claimed that the update is still ignoring several weak spots in the browser that allow him to crack the security again with a few tweaks to his original exploit.
Safari 3 is currently in beta making it unlikely that people are using the software as their primary browser. This will limit the risk that attackers will target the vulnerabilities.
Apple is breaking with common procedures in other areas too. The update to the application is listed as version 3.01, but it is uncommon to change version numbers of software when in the testing phase.
Dust storm on Titan only the third Solar System body where such storms have been observed
New technique could enable quantum computers to scale-up to millions of qubits
Systrom and Krieger taking time off "to explore our curiosity and creativity"
Comcast's £29.7bn winning bid more than twice the £13.7bn Rupert Murdoch valued Sky at just eight years ago