Apple has released Safari 4.0.2 for both Mac and Windows. It is available through either software update or the Safari website.
The update improves the stability of the Nitro JavaScript engine used by Safari and addresses two security vulnerabilities, which are described below:
- An issue in WebKit’s handling of the parent and top objects may result in a cross-site scripting attack when visiting a maliciously crafted website. This update addresses the issue through improved handling of parent and top objects.
- A memory corruption issue exists in WebKit’s handling of numeric character references. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of numeric character references. Credit to Chris Evans for reporting this issue.
The update is recommended for all Safari users.