Apple has released an update to its Safari browser to fix two security flaws that could allow cross-site scripting...
or code execution attacks by compromised websites.
The vulnerabilities in the open source WebKit browser engine affect Safari for Windows (XP and Vista) and Mac OS X, according to the Apple support site.
Safari 4.0.2 has improved handling of "parent and top objects" and improved handling of "numeric character references" to address these vulnerabilties, said Apple.
Safari 4.0.2 is available via the Apple Software Update application or Apple's Safari download site.