New
#1
Apple plugs dangerous Safari security holes
Apple has released Safari 4.0.2 to fix a pair of security flaws that could lead to cross-site scripting or remote code execution attacks. The vulnerabilities affect Safari for Windows (XP and Vista) and Mac OS X.
The patch solves an issue in WebKit’s handling of the parent and top objects may result in a cross-site scripting attack when visiting a maliciously crafted website. This update addresses the issue through improved handling of parent and top objects. The patch also takes care of a memory corruption issue exists in WebKit’s handling of numeric character references. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
Thisupdate addresses the issue through improved handling of numeric character references.
More....