Apple Safari patches against cross-site scripting attacks

Apple has released a security update to its Safari browser to fix flaws that could have left users open to attack.

Safari 4.0.2 fixes vulnerabilities that were flagged up in its open source web browser engine WebKit, and affected Mac OS X and Windows XP or Vista.

One of the flaws could have left users open to a cross-site scripting attack if they visited a malicious website.

The other vulnerability could have led to an application being terminated or an attacker having the ability to execute malicious code on a target's computer.

This is the first patch for the Safari browser since Apple released a new version back at the beginning of June from beta.