By George Norman - Software News Editor
Added on 10 Jul 2009(687 Views)
Cupertino-based software developer Apple has rolled out an update for its web browser, Safari 4.0.2. This update is meant to improve the stability of the Nitro JavaScript engine according to Apple, and it is also meant to address a couple of security holes in the software. You are very well advised to update your Safari browser – you can do so via Software Update, or by manually downloading Safari 4.0.2 (download location at the bottom of the article).

As a little reminder, Apple rolled out Safari 4.0.1 less than a month ago. The update was meant to fix some compatibility issues between Safari and iPhone 09. Compared to the previous update, version 4.0.2 comes with a bit more grunt: it makes the Nitro JavaScript engine a bit more stable and fixes two vulnerabilities that might put your online security at risk – one may allow cross-site scripting attacks and the other might allow arbitrary code execution.


Here is a more detailed look at the security issues the Safari 4.0.2 update addresses:

CVE-ID: CVE-2009-1724

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack

Description: An issue in WebKit's handling of the parent and top objects may result in a cross-site scripting attack when visiting a maliciously crafted website. This update addresses the issue through improved handling of parent and top objects.

CVE-ID: CVE-2009-1725


Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue exists in WebKit's handling of numeric character references. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of numeric character references. Credit to Chris Evans for reporting this issue.


If you would like to get Safari 4.0.2, you can download it straight from Apple here.





Don't forget to:

RSS


Tags: Apple, Safari 4.0.2, Update, Security

Link to this article:


Comments

w5g45bysr - 13 Jul 2009 07:14
good
nata - 11 Jul 2009 08:01
good luck, you has upatate safari
nata - 11 Jul 2009 08:01
good luck, you has upatate safari

Add comment:
Name(Required)
Email(Required - Never shown)
Website(Optional)
Comment(Required):

Insert the following code:
Software News
Fun Friday Feature: Cry Translator iPhone App
I remember that some obscure school teacher once told me that speech separates man from beast. Now I always found that reasoning to be somewhat flawed. What about parrots? They can speak – sort of. Or...
06 Nov 2009
Chrome 3.0 and 4.0 Updated on the Stable and Dev Channel
The guys over at Google are keeping as busy, of not more so, as the guys over at Mozilla. While the Mozilla Foundation has recently released Firefox 3.6 Beta 1 and Firefox 3.5.5, Mountain View-based search engine giant Google ...
06 Nov 2009
November 09 Patch Tuesday: 6 Security Bulletins, 15 Vulnerabilities
Next week’s first two days are already booked. On Monday, the 9th of November, we will be celebrating Firefox’s 5th anniversary. On Tuesday, we will focus on something less entertaining, mainly patching our...
06 Nov 2009
Firefox 3.5.5 Update Released
The Mozilla Foundation has released another update for its browser, mainly Firefox 3.5.5. The update follows in the footsteps of Firefox 3.5.4, an update that was released about a week back...
06 Nov 2009
iTunes 9.0.2 Update Loves Apple TV 3.0 Software, Breaks Palm Pre Syncing (Again)
Cupertino-based software developer Apple has recently updated its digital media player iTunes to version 9.0.2. The update, which follows in the footsteps of iTunes 9.0.1 and iTunes 9.0, brings forth one significant new change...
05 Nov 2009
Blacksn0w: Unlock Tool for the iPhone 3G and 3GS
Great news for iPhone 3G and iPhone 3GS users that updated the device to baseband version 05.11; or iPhone 3G and iPhone 3GS users that bought the device with an updated baseband. Original iPhone hacker...
05 Nov 2009
Recommended Tools

Top Downloads