Apple releases Safari security update

Apple makes available patches for two WebKit vulnerabilities and Safari 3 Javascript flaw.

Computing giant Apple has released an update for the Safari 3 browser, addressing security vulnerabilities in both the Mac and Windows versions of the product.

Safari 3.0.2 improves stability on both platforms and provides improved WebKit support for Mail, iChat and Dashboard on Mac OS X. The Windows update includes fixes for text display, non-English systems, and start-up times.

The update also includes fixes for two vulnerabilities in OS X's WebKit and WebCore. These are also available for users of Safari 2 in the available via Software Update or from apple.com/support/downloads.

The WebCore flaw could permit cross-site requests and addresses the issue by performing additional validation of header parameters. The WebKit flaw could lead to an unexpected application termination or arbitrary code execution as a result of an invalid type conversion when rendering frame sets that could lead to memory corruption.