The vulnerabilities range from cross-site scripting to remote code execution.
Another flaw in the browser could allow for a URL to be displayed without the page itself being loaded. Apple warned that this could be exploited by an attacker to spoof legitimate sites by displaying normal URLs with forged web pages.
The fourth vulnerability is a flaw in the browser's WebKit component. An attacker could use a malformed URL to exploit the vulnerability and perform a cross-site scripting attack.
Users can download the Safari update through Apple's Software Update application or from the company's Safari download site.
Apple patches critical Safari holes
By Shaun Nichols on Apr 18, 2008 7:15AM