Apple has released an update to its
Safari browser to fix two security flaws that could allow
cross-site scripting or code execution attacks by compromised
websites.
The vulnerabilities in the open source WebKit browser engine
affect Safari for Windows (XP and Vista) and Mac OS X, according to
the Apple support
site.
Safari 4.0.2 has improved handling of "parent and top objects"
and improved handling of "numeric character references" to address
these vulnerabilties, said Apple.
Safari 4.0.2 is available via the Apple Software Update
application or Apple's
Safari download
site.
