Browser Update Released by Apple: Safari 4.0.2
Cupertino-based software developer Apple has rolled out an update for its web browser, Safari 4.0.2. This update is meant to improve the stability of the Nitro JavaScript engine according to Apple, and it is also meant to address a couple of security holes in the software. You are very well advised to update your Safari browser – you can do so via Software Update, or by manually downloading Safari 4.0.2 (download location at the bottom of the article).
As a little reminder, Apple rolled out Safari 4.0.1 less than a month ago. The update was meant to fix some compatibility issues between Safari and iPhone 09. Compared to the previous update, version 4.0.2 comes with a bit more grunt: it makes the Nitro JavaScript engine a bit more stable and fixes two vulnerabilities that might put your online security at risk – one may allow cross-site scripting attacks and the other might allow arbitrary code execution.
Here is a more detailed look at the security issues the Safari 4.0.2 update addresses:
CVE-ID: CVE-2009-1724
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista
Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack
Description: An issue in WebKit's handling of the parent and top objects may result in a cross-site scripting attack when visiting a maliciously crafted website. This update addresses the issue through improved handling of parent and top objects.
CVE-ID: CVE-2009-1725
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of numeric character references. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of numeric character references. Credit to Chris Evans for reporting this issue.
If you would like to get Safari 4.0.2, you can download it straight from Apple here.
Tags: Apple, Safari 4.0.2, Update, Security
As a little reminder, Apple rolled out Safari 4.0.1 less than a month ago. The update was meant to fix some compatibility issues between Safari and iPhone 09. Compared to the previous update, version 4.0.2 comes with a bit more grunt: it makes the Nitro JavaScript engine a bit more stable and fixes two vulnerabilities that might put your online security at risk – one may allow cross-site scripting attacks and the other might allow arbitrary code execution.
Advertising
Here is a more detailed look at the security issues the Safari 4.0.2 update addresses:
CVE-ID: CVE-2009-1724
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista
Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack
Description: An issue in WebKit's handling of the parent and top objects may result in a cross-site scripting attack when visiting a maliciously crafted website. This update addresses the issue through improved handling of parent and top objects.
CVE-ID: CVE-2009-1725
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of numeric character references. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of numeric character references. Credit to Chris Evans for reporting this issue.
If you would like to get Safari 4.0.2, you can download it straight from Apple here.
Tags: Apple, Safari 4.0.2, Update, Security
I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 09 Feb 2012
Redmond-based software giant Microsoft is giving all US residents the chance to win a Pink Sony VAIO Y laptop (ARV $6,000) as part of a Valentine’s Day Sweepstakes
By George Norman on 09 Feb 2012
The latest stable version of Google Chrome web browser is v. 17.0 which was rolled out to the public on Wednesday, the 8th of February, one day after the release of Chrome for Android Beta 1Related News
By George Norman on 07 Sep 2011
Intego, company that specializes in providing security solutions for Mac, announced yesterday that it is running a back to school promo and that as part of the aforementioned promo, it is offering a 20%
By George Norman on 28 Sep 2011
Great news for fans of properly good web browsers: the latest version of the Firefox browser to be released to the public is v 7.0
By George Norman on 14 Sep 2011
Intego, company that specializes in providing security solutions for Mac, has recently made public a video that showcased its VirusBarrier iOS security product. If you would like to view the video, you can
By George Norman on 21 Sep 2011
It would seem that changing someone’s password is not a very difficult thing of that someone is on Mac OS X 10.7 Lion, the eight major release of the Mac OS X operating system. Patrick Dunstan, author of the Defence in Depth blog, uncovered thatAdvertising
Hot Software Updates
Top Downloads
2.
Opera5.
Trillian8.
AIM9.
Skype10.
Ad-Aware12.
Nero13.
Google Earth14.
Picasa15.
Winamp16.
iTunes17.
RealPlayer18.
uTorrent19.
eMule20.
WinRAR21.
BitComet22.
WinZip23.
Shareaza24.
CCleaner25.
Recuva26.
Tweak UI27.
CuteFTP Home29.
Adobe Reader30.
NewsPiperBecome A Fan!
Link To Us!
Browser Update Released by Apple: Safari 4.0.2
HTML Linking Code
HTML Linking Code