Apple today released Safari which is recommended for all Safari users and improves the stability of the Nitro JavaScript engine and includes the latest compatibility and security fixes, including:
• WebKit
CVE-ID: CVE-2009-1724
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista
Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack
Description: An issue in WebKit’s handling of the parent and top objects may result in a cross-site scripting attack when visiting a maliciously crafted website. This update addresses the issue through improved handling of parent and top objects.
• WebKit
CVE-ID: CVE-2009-1725
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.7, Mac OS X Server v10.5.7, Windows XP or Vista
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit’s handling of numeric character references. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of numeric character references. Credit to Chris Evans for reporting this issue.
Safari is available via Software Update and also as a standalone installer.
More info and download link here.
[Thanks to MacDailyNews Reader “dslarsen” for the heads up.]
