Added on 10 Jul 2009(754 Views)
Cupertino-based software developer Apple has rolled out an update for its web browser, Safari 4.0.2. This update is meant to improve the stability of the Nitro JavaScript engine according to Apple, and it is also meant to address a couple of security holes in the software. You are very well advised to update your Safari browser – you can do so via Software Update, or by manually downloading Safari 4.0.2 (download location at the bottom of the article).As a little reminder, Apple rolled out Safari 4.0.1 less than a month ago. The update was meant to fix some compatibility issues between Safari and iPhone 09. Compared to the previous update, version 4.0.2 comes with a bit more grunt: it makes the Nitro JavaScript engine a bit more stable and fixes two vulnerabilities that might put your online security at risk – one may allow cross-site scripting attacks and the other might allow arbitrary code execution.
Here is a more detailed look at the security issues the Safari 4.0.2 update addresses:
CVE-ID: CVE-2009-1724
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista
Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack
Description: An issue in WebKit's handling of the parent and top objects may result in a cross-site scripting attack when visiting a maliciously crafted website. This update addresses the issue through improved handling of parent and top objects.
CVE-ID: CVE-2009-1725
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of numeric character references. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of numeric character references. Credit to Chris Evans for reporting this issue.
If you would like to get Safari 4.0.2, you can download it straight from Apple here.
Don't forget to:
RSSTags: Apple, Safari 4.0.2, Update, Security
Link to this article:
Comments
w5g45bysr - 13 Jul 2009 07:14
good
nata - 11 Jul 2009 08:01
good luck, you has upatate safari
nata - 11 Jul 2009 08:01
good luck, you has upatate safari
Add comment:
Software News
Wolfram Alpha App 1.1 with Better Specialized Keyboards
The team behind computational knowledge engine Wolfram Alpha announced the release of an iPhone specific app last year, in October. The one thing that people complained about at the time...
The team behind computational knowledge engine Wolfram Alpha announced the release of an iPhone specific app last year, in October. The one thing that people complained about at the time...
09 Feb 2010
Linus Shows Nexus One Some Love, Google Shows Nexus One Users Some Love
Linus Torvalds, the father of Linux, says that when he got the original Google Phone, the G1, he was unimpressed. At the time Google gave him the device – that what I meant by “he got the G1”. Linus, who says...
Linus Torvalds, the father of Linux, says that when he got the original Google Phone, the G1, he was unimpressed. At the time Google gave him the device – that what I meant by “he got the G1”. Linus, who says...
09 Feb 2010
Google Superbowl Ad Draws Attention to the Need for Privacy
Back in January, on International Data Privacy Day, Mountain View-based search engine giant drew attention to its guiding privacy principles. In case you’re not familiar with...
Back in January, on International Data Privacy Day, Mountain View-based search engine giant drew attention to its guiding privacy principles. In case you’re not familiar with...
09 Feb 2010
Free Software Alert: EASEUS Partition Master Professional Edition 5.0.1
The latest release of EASEUS Partition Master Professional Edition is version 5.0.1, and the company that developed the software is now giving it away for free. But you need to hurry up. This is a time limited offer...
The latest release of EASEUS Partition Master Professional Edition is version 5.0.1, and the company that developed the software is now giving it away for free. But you need to hurry up. This is a time limited offer...
09 Feb 2010
MSN Games and Windows Live Messenger Welcome FarmVille
The short description of FarmVille is this: “FarmVille is a game where you can farm with your friends.” Basically you get a plot of land and you have to plant crops, harvest them, make money to buy...
The short description of FarmVille is this: “FarmVille is a game where you can farm with your friends.” Basically you get a plot of land and you have to plant crops, harvest them, make money to buy...
09 Feb 2010
Bill Cosby Is Not Dead, Just the Victim of Malware Spreaders
It’s the Kanye West and Johnny Depp story all over again. People with malicious intent have started a rumor that popular comedian and actor Bill Cosby, 72, died of natural causes, in his chair at home....
It’s the Kanye West and Johnny Depp story all over again. People with malicious intent have started a rumor that popular comedian and actor Bill Cosby, 72, died of natural causes, in his chair at home....
09 Feb 2010
Recommended Tools
Registry Booster 2010 Enhanced, deeper and faster error scan performance. Now also in 5 languages! Free Scan
Driver Scanner 2009
Fast and easy, it boosts performance by scanning for, downloading & installing driver updates
Fast and easy, it boosts performance by scanning for, downloading & installing driver updates
SpeedUpMyPC 2009
How fast is your PC really running? Turbo-charge your Internet and PC performance here
How fast is your PC really running? Turbo-charge your Internet and PC performance here
Nero Burning ROM
LimeWire Basic
Yahoo! Messenger
Winamp
Mozilla Firefox
eMule
BitComet
iTunes
Google Earth
uTorrent