Apple is becoming a favorite target of security researchers these days. In April, there was the US$10,000 CanSecWest hack a Mac contest, and on Monday there was the Safari Web browser. Or the public beta of Safari for Windows, anyway.
In an interview, Raff said that it took about three minutes of fuzzing to find the bug and that he hadn't tested the issue on Mac OS X. So he couldn't say whether or not it affected Safari on Windows only. The bug causes the browser to crash and "might be exploitable," according to Raff, meaning it could possibly be used to run malware on the PC.
Raff was clearly unhappy with Apple's claim that Safari was designed to be "secure from day one" (he called this claim "pathetic") but he said he wasn't particularly going after Apple. "I don't pick just on Apple," he said. "I've posted about Microsoft and Mozilla issues too."
"Everyone has bugs, but not everyone say that they are 'designed to be secured from day one,'" he added. "I guess it's day zero now."