Apple issue security update for Safari
Apple have released Safari 4.0.3, a security update for the Safari web browser, to address a number of issues. Six problems are addressed, among them critical bugs, including a heap buffer overflow when drawing long text strings and a buffer overflow when handling EXIF metadata on Windows XP and Vista, which may lead to arbitrary code execution or crashes. Another buffer overflow, this time in WebKit, affects Windows and Mac OS X, and could lead to crashes or malicious code execution.
Other issues include the ability for a malicious web site to promote arbitrary sites into Safari’s “Top Sites” page, disclosure of sensitive information, launching of file URLs, and fixes to the handling of lookalike characters in domain names. The update is available through Apple’s Software Update service, or as a download.