Safari for Windows that is…
Thor Larholm has
discovered a remote command execution vulnerability in the newly released
Safari for Windows (Beta) just a day after it was released. The vulnerability is caused by Safari's failure to validate user-supplied strings before passing them as parameters to external URL protocol handlers. The vulnerability can be exploited to execute arbitrary code on a victim's computer just by making them view a malicious web page in Safari.
Some other vulnerability researchers have reportedly
discovered more remote command execution vulnerabilities in Safari. However, as of now, only the vulnerability discovered by Larholm can be independently confirmed.