Apple’s Safari 4 is being patched for a pair of security issues that affect both Mac and Windows versions. Both of the issues involve patches to WebKit.
One of the patched issues is a Cross Site Scripting (XSS) flaw. According to Apple’s advisory on the flaw:
“An issue in WebKit’s handling of the parent and top objects may result
in a cross-site scripting attack when visiting a maliciously crafted
website. This update addresses the issue through improved handling of
parent and top objects.”
The second issue is a memory corruption issue that could lead to a crash or possibly arbitrary code execution.
The 4.0.2 update is the first update to Safari since it came out of beta in June. If you’re a Safari user (I’ve got it running a Windows test box now) you should see an update notification today – so be sure to update!