Safari 4.0.2 patches cross-scripting vulnerability
The mothership has pushed out a patch for their default Mac OS X browser and, although it looks fairly nondescript, there’s powerful medicine under the hood vis-a-vis security.
• Safari 4.0.2, 40MB
— This update is recommended for all Safari users and improves the stability of the Nitro JavaScript engine and includes the latest compatibility and security fixes.
Image files are ’safe’ types that, once downloaded, are displayed by Safari without warning the user. An issue in Safari may cause it to be unable to identify the file type of certain local image files. In this case, Safari will examine the content of those files and may treat them as HTML. If a file contains JavaScript, it will be executed in the local context. For a downloaded file, this should not occur without first prompting the user. This issue is addressed by treating files of unknown type as generic binary data, and by correctly identifying the image file types known to have this issue.
For the uninitiated, this is the infamous cross-scripting vulnerability, one of those drive-by nasties that Apple’s been slow in patching.
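To make the advisory's fix concrete, here is an added example (not Apple's or Safari's code) that models the two file-type decisions it describes: the pre-patch path, where an unidentified type falls back to content sniffing and can be treated as HTML, and the patched path, where known image formats are identified from their magic bytes and anything unidentified is generic binary. The signature table and sample files are constructed for the demonstration.

```python
from __future__ import annotations

# Constructed magic-number table for the image formats this example identifies.
IMAGE_SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
    b"BM": "image/bmp",
    b"II*\x00": "image/tiff",
    b"MM\x00*": "image/tiff",
}


def identify_image(data: bytes) -> str | None:
    """Return the image MIME type from the leading bytes, or None if unknown."""
    for magic, mime in IMAGE_SIGNATURES.items():
        if data.startswith(magic):
            return mime
    return None


def looks_like_html(data: bytes) -> bool:
    """Crude content sniff: does the file start with an HTML-looking tag?"""
    head = data[:512].lstrip().lower()
    return head.startswith(b"<!doctype html") or head.startswith(b"<html")


def classify_pre_patch(data: bytes) -> str:
    """Vulnerable behaviour: an unidentified type is sniffed and may become HTML."""
    mime = identify_image(data)
    if mime:
        return mime
    return "text/html" if looks_like_html(data) else "application/octet-stream"


def classify_patched(data: bytes) -> str:
    """Fixed behaviour: unidentified types are generic binary, never sniffed to HTML."""
    return identify_image(data) or "application/octet-stream"


# Constructed samples: a PNG header, and an HTML document that was saved under
# an image name (the local-file case the advisory describes).
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
MISLABELLED_SAMPLE = b"<html><body>not an image</body></html>"

if __name__ == "__main__":
    for name, blob in (("png", PNG_SAMPLE), ("mislabelled", MISLABELLED_SAMPLE)):
        print(name, classify_pre_patch(blob), classify_patched(blob))
```

Running it shows the mislabelled file classified as text/html by the old path and as application/octet-stream by the fixed one, while the PNG is identified as image/png by both.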
Click through for the Tiger and Windows versions of this patch.