14 DAY TRIAL // Apple has released an update to its standard web browser for Mac OS X, Safari. Version 4.0.2 is recommended for all Safari users, as it delivers stability improvements, as well as the latest compatibility and security fixes, according to the release notes. Full details can be found below.
On the Support section of its website, Apple posts the following message, regarding the latest version of Safari:
About Safari 4
This update is recommended for all Safari users and improves the stability of the Nitro JavaScript engine and includes the latest compatibility and security fixes.
As the release not only improves on the JavaScript front, but also addresses compatibility and security issues, the Mac maker links to an additional Support document, where the more hidden side of this update is disclosed.
Talking “about the security content of Safari 4.0.2,” Apple reveals that it has patched just two holes that were recently discovered in the web browser, both of which exist in WebKit. Available for Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista, “an issue in WebKit's handling of the parent and top objects may result in a cross-site scripting attack when visiting a maliciously crafted website,” Apple reveals. “This update addresses the issue through improved handling of parent and top objects,” the company explains.
The second problem, available for all the above-listed platforms, relates to a memory-corruption issue, which exists in the WebKit's handling of numeric character references. Apple claims that, “Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.” To fix this, the company has addressed the problem through improved handling of numeric character references. Apple credits Chris Evans for finding and reporting the vulnerability.
Readers can use the link below to grab the latest version of Safari available.