In association with heise online

09 July 2009, 08:55

Safari 4.0.2 addresses WebKit vulnerabilities

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Apple has closed two vulnerabilities in Safari 4, its web browser built on the open source WebKit browser engine, for Windows and Mac OS X. In addition to stability improvements to the Nitro JavaScript engine, Safari 4.0.2 addresses two WebKit vulnerabilities that could allow for the execution of arbitrary code or lead to a cross-site (XSS) scripting attack.

A critical vulnerability caused by a memory corruption issue in WebKit's handling of numeric character references that could allow for the execution of arbitrary code, has been closed. A second vulnerability caused by an issue with WebKit's handling of the parent and top objects that could have lead to a cross-site scripting attack, has also been fixed. For the attacks to be successful, a victim must first visit a maliciously crafted website.

All users are advised to update their browsers as soon as possible. Safari 4.0.2 is available to download for Windows XP, Vista, Mac OS X 10.4.11 and 10.5.7.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-742413
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit