X
Business
Home Business Companies Apple

Apple plugs dangerous Safari security holes

Apple has released Safari 4.0.2 to fix a pair of security flaws that could lead to cross-site scripting or remote code execution attacks.
Written by Ryan Naraine, Contributor

safarismbrowser.png
Apple has released Safari 4.0.2 to fix a pair of security flaws that could lead to cross-site scripting or remote code execution attacks.

The vulnerabilities affect Safari for Windows (XP and Vista) and Mac OS X.

Here are the raw details:

  • CVE-2009-1724: An issue in WebKit's handling of the parent and top objects may result in a cross-site scripting attack when visiting a maliciously crafted website. This update addresses the issue through improved handling of parent and top objects.
  • CVE-2009-1725: A memory corruption issue exists in WebKit's handling of numeric character references. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of numeric character references.

Safari 4.0.2 is available via the Apple Software Update application or Apple's Safari download site.

Editorial standards
Show Comments

Related

Microsoft Copilot

7 reasons I use Copilot instead of ChatGPT

pxl-20240424-181716738

Facebook's Meta AI is lying when it says you can disable it - but here's what you can do

asus-zenbook-14-main

The work laptop I recommend to most people is not made by Apple or Lenovo