Apple has released the latest version of its Safari web browser, which is offers security protection against two WebKit vulnerabilities. Safari 4.02 corrects a vulnerability where visiting a maliciously crafted website might lead to a cross-site scripting attack. An issue in WebKit's handling of the parent and top objects might result in a cross-site scripting attack when visiting a maliciously crafted website. This update addresses the issue through improved handling of parent and top objects.

Te new version also addressed an issue where visiting a maliciously crafted website might lead to an unexpected application termination or arbitrary code execution. A memory corruption issue exists in WebKit's handling of numeric character references. Visiting a maliciously crafted website might lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of numeric character references.

Safari 4.0.2 can be downloaded and installed via Software Update preferences, or from Apple Downloads.