Blog Post

Safari 4.0.2 Addresses Security, Stability


Apple (s aapl) has released version 4.0.2 of Safari for both OS X 10.4 and 10.5 (but not Snow Leopard), as well as Windows XP, Vista and 7 beta. The 40MB update is available through Software Update and download via Apple’s web site.

The release notes, cryptic as usual, state the update improved “the stability of the Nitro JavaScript engine and includes the latest compatibility and security fixes.” A Knowledge Base article states that 4.0.2 addresses two vulnerabilities: cross-site scripting attacks and arbitrary code execution. Both of these vulnerabilities require visiting “maliciously crafted web sites,” but nonetheless are excellent reasons to update. Of course, the Mac version requires a restart, as updating Safari updates WebKit and the associated frameworks.

Those hoping for other changes, like a return of page loading progress in the address bar, or the refresh button going back to the left of the address bar, will be disappointed. Top tabbers, those who preferred the short-lived experiment of tabs being in the title bar, are also going to be displeased. It’s time to let go. Upgrading from the Safari 4 beta has to happen sooner or later, and what better reason than better security?

4 Responses to “Safari 4.0.2 Addresses Security, Stability”

  1. Donna C

    Never mind. I found it. Jeez, I was just getting used to Safari (new Mac user) and they had to go change it. I liked the refresh button and loading indicator where they were.

  2. Donna C

    I just did this update, and now my refresh button is missing from the toolbar. I went to customize toolbar, refresh is not even an option?

  3. How come the update is so big? My current is 28.2 MB when compressed with default settings. Compressing it with bzip2 takes it down to 18.1 MB.

  4. There was a bug in Safari 4.0 that would cause it to crash when visiting certain sites (ironically enough, like the online Apple Store) if certain applications were installed.

    I know this because my application LazyMouse was one of these applications.

    Safari 4.0.2 seems to have fixed this bug. So if you run LazyMouse, VoiceOver or any other app that uses Access for Assistive Devices, I highly recommend you upgrade to Safari 4.0.2.

    J. Wardell
    Founder, Old Jewel Software