Safari 4.0.2 addresses WebKit vulnerabilities
A critical vulnerability caused by a memory corruption issue in WebKit's handling of numeric character references that could allow for the execution of arbitrary code, has been closed. A second vulnerability caused by an issue with WebKit's handling of the parent and top objects that could have lead to a cross-site scripting attack, has also been fixed. For the attacks to be successful, a victim must first visit a maliciously crafted website.
All users are advised to update their browsers as soon as possible. Safari 4.0.2 is available to download for Windows XP, Vista, Mac OS X 10.4.11 and 10.5.7.
- About the security content of Safari 4.0.2, Apple security advisory.