Apple has posted the v4.0.2 update to Safari, its Mac and Windows web browser. The patch implements a relative handful of changes, primarily upgrading the Nitro engine to include new security and compatibility fixes. Nitro is responsible for JavaScript rendering, and is thus linked with many speed improvements over Safari 3.

Two security fixes identified by Apple address vulnerabilities in WebKit, the browser's main rendering engine. Gone is a problem with parent and top objects, which could be used to trigger cross-site scripting attacks. The second fix targets bad handling of numeric character references, which in the past could be used to crash a browser, or else run arbitrary code.