Apple has issued a security update for Mac OS X, which fixes two vulnerabilities.

1) An invalid type conversion when rendering frame sets in WebKit can
be exploited to corrupt memory and can be exploited to execute
arbitrary code when a user visits a malicious website.

2) An input validation error in the processing of headers passed to the
“XMLHttpRequest” object in WebCore can be exploited to inject arbitrary
HTTP requests.

Apply Security Update 2007-006.