Apple released Security Update 2007-006 on Friday. The update addresses potential vulnerabilities in WebCore and WebKit for Mac OS X 10.3.9 and Mac OS X 10.4.9 and later.
The update fixes a problem in WebCore where a maliciously-crated Web site could allow cross-site requests that launch scripting attacks. The update also fixes a WebKit flaw that could lead to unexpected application termination or arbitrary code execution when visiting a maliciously-crafted Web site.
Security Update 2007-006 is available via the Software Update application, or as downloadable installers from the Apple Support Web site. Versions for Mac OS X 10.3.9, Mac OS X Tiger (PPC only), and Mac OS X Tiger (Universal) are available.