Apple patches two critical Safari bugs

Apple has released an update for its Safari 4 web browser, which fixes two serious vulnerabilities that could allow an attacker to conduct a cross-site scripting attack or take over a user's system.

The update, Safari 4.0.2, was made available on Wednesday. Independent security vendor Secunia gave the flaws addressed by the update a "highly critical" ranking. The bugs affect both the Windows and Mac versions of Safari.

Both of the flaws affect WebKit, the open-source layout engine used in Safari. The more serious of the two bugs is a memory corruption problem in WebKit's handling of numeric character references, which could allow an attacker to execute malicious code on a user's system via a specially crafted website, Apple said in an advisory. The vulnerability could also allow an intruder to shut down the application.

The second bug is an input validation problem with WebKit's handling of parent and top objects. This vulnerability could allow a website to execute HTML and scripting code in the security context of another website, in what is known as a cross-site scripting attack. "This update addresses the issue through improved handling of parent and top objects," Apple said in the advisory.

The bugs are fixed in update 4.0.2, which can be downloaded from Apple Downloads or via Mac OS X's built-in Software Update mechanism, according to the company.

Safari 4 was brought out of beta last month, with new features such as the accelerated Nitro JavaScript engine.