
Apple plugs dangerous Safari security holes

Apple has released Safari 4.0.2 to fix a pair of security flaws that could lead to cross-site scripting or remote code execution attacks.
Written by Ryan Naraine, Contributor on

The vulnerabilities affect Safari for Windows (XP and Vista) and Mac OS X.

Here are the raw details:

  • CVE-2009-1724: An issue in WebKit's handling of the parent and top objects may result in a cross-site scripting attack when visiting a maliciously crafted website. This update addresses the issue through improved handling of parent and top objects.
  • CVE-2009-1725: A memory corruption issue exists in WebKit's handling of numeric character references. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of numeric character references.

Safari 4.0.2 is available via the Apple Software Update application or Apple's Safari download site.
