Apple released a minor point release of its Safari Web browser this afternoon. The update mostly addresses a few security issues, though it does have a few performance and stability improvements.
To start, Safari 4.0.4 includes six separate security patches. Three are for issues with WebKit, the rendering engine that powers Safari—one for HTML5 media object handling, FTP server connections (on Windows), and Cross-Origin Resource Sharing (CORS) implementation, all of which had potential security vulnerabilities. The Safari application itself had an issue with the "open in new window/tab" contextual menu items that could result in loading local HTML files, which could then lead to possible "disclosure of sensitive information." Issues with libxml2 and Color-Sync could also allow specially crafted files to lead to "unexpected application termination or arbitrary code execution."
In addition to the security fixes, the update also includes a few performance improvements. Web applications rely on JavaScript for a lot of functionality, so JavaScript performance improvements in Safari 4.0.4 are always welcome. Of note for heavy users (like those of us in Orbiting HQ) are performance improvements when searching through "a large number of history items." There are also non-specific stability improvements for 3rd-party plug-ins, the search field, and Yahoo Mail.
Safari 4.0.4 is available via Software Update for both Mac and Windows. A direct download is also available on Apple's Safari Download page.
reader comments
18