updated 04:45 pm EDT, Wed July 8, 2009
Safari 4.0.2 update
Two security fixes identified by Apple address vulnerabilities in WebKit, the browser's main rendering engine. Gone is a problem with parent and top objects, which could be used to trigger cross-site scripting attacks. The second fix targets bad handling of numeric character references, which in the past could be used to crash a browser, or else run arbitrary code.