July 8th, 2009
Safari 4.0.2 patches two security vulnerabilities
Apple yesterday released Safari 4.0.2 via Software Update and recommends the update for users on all platforms.
According to Apple’s typically vague “release notes” the 40.2MB update improves the stability of the Nitro JavaScript engine and includes the latest compatibility and security fixes.
According to the knowledgebase article HT3666 the update addresses two security vulnerabilities that could be exploited by maliciously crafted Web sites.
The first security fix addresses a problem in WebKit’s handling of parent and top objects which may result in a cross-site scripting attack when visiting a maliciously crafted Web site. The second addresses a memory corruption issue in WebKit’s handling of numeric character references. Visiting a maliciously crafted Web site may lead to an unexpected application termination or arbitrary code execution.
If you use Safari 4 as your primary browser the update is highly recommended.
Jason D. O'Grady is the editor of PowerPage.org, which has been publishing daily mobile technology news since December 1995. For disclosures on Jason's industry affiliations, click here or to view Jason's full profile click here.
Subscribe to The Apple Core via Email alerts or RSS.
