May 28, 2008 6:06 PM PDT

Apple releases security update for Mac OS X and OS X Server v. 10.4.11

Posted by Elinor Mills

Apple released a hefty security update for Mac OS X and OS X Server on Wednesday that fixes more than 40 vulnerabilities, a number of which could be exploited to run programs on the machine remotely or could lead to the disclosure of sensitive data.

Security Update 2008-003 is for Mac OS X v 10.4.11 and Mac OS X Server v 10.4.11. The fixes are included in the latest Leopard edition, Mac OS X v 10.5.3, which also was released on Wednesday.

The software fixes vulnerabilities that could have led to arbitrary code execution and/or unexpected application termination related to the implementation of AFP Server, AppKit, Apple Pixlet Video, ATS, CoreFoundation, CoreGraphics, Flash Player Plug-in, Help Viewer, and iCal. The iCal vulnerability was discovered by Core Security, which last week announced it had found three vulnerabilities in iCal.

It also fixes vulnerabilities that could have led to disclosure of sensitive information related to the implementation of technologies including CUPS, International Components for Unicode, and CFNetwork, the last when visiting a maliciously crafted Web site, due to an issue in Safari's SSL client certificate handling.

Meanwhile, other updates fix vulnerabilities that could lead to information disclosure and allow a local user to manipulate files with the privileges of another user in Mail; allow a remote attacker to read arbitrary files related to Ruby; expose passwords supplied to sso_util to other local users when using Single Sign-On; expose user names on servers with Wiki Server enabled to a remote attacker; and not warn users before opening certain potentially unsafe content types.

In addition, the software fixes a vulnerability that could lead to information disclosure when viewing a maliciously crafted BMP or GIF image and lead to unexpected application termination or arbitrary code execution when viewing a maliciously crafted JPEG2000 image file.

Security Update 2008-003 and Mac OS X v 10.5.3 are available from Apple's Software Downloads Web site.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
12 comments
by savvydude May 28, 2008 6:37 PM PDT
Cool. I ran Software Update this morning before the Security Update was announced. It downloaded flawlessly and my IMac has been running even better since.
by savvydude May 28, 2008 6:37 PM PDT
Cool. I ran Software Update this morning before the Security Update was announced. It downloaded flawlessly and my IMac has been running even better since.
by savvydude May 28, 2008 6:38 PM PDT
Cool. I ran Software Update this morning before the Security Update was announced. It downloaded flawlessly and my IMac has been running even better since.
by savvydude May 28, 2008 6:38 PM PDT
Cool. I ran Software Update this morning before the Security Update was announced. It downloaded flawlessly and my IMac has been running even better since.
by ballmerisanape May 28, 2008 7:14 PM PDT
savvydude isn't so savvy with regard to posting on the internet...
by idonnie May 29, 2008 2:31 AM PDT
No, savvydude just has a stuttering problem.
Glad to hear the update performed successfully.
by alegr May 30, 2008 1:14 PM PDT
No, it's just stupid open source Jive Software Java-based forum engine cannot figure out how to do what about every other forum engine does: Make posts appear as they're posted, not 30 minutes later (or even go to a bit bucket).
by celticbrewer May 29, 2008 7:52 AM PDT
Wait.. what 40 vulnerabilities? I thought Macs were perfect in every way especially in terms of security. It just goes to show that this OS is no better than any other.
by shycelticwitch May 29, 2008 2:41 PM PDT
Don't make such stupid comments until you have used both. I have, and with INTELLIGENCE I can make the statement that Windows SUCKS and Mac OSX ROCKS.
by jrm125 May 30, 2008 2:43 PM PDT
smart comments usually provide evidence, stupid ones just trumpet a less-than-fact-based opinion.

Congratulations on being the latter.
by CredulousDolt May 30, 2008 8:20 AM PDT
yes, but at least *he* didn't get bitten on the ***** by an enraged toilet-snake:

http://www.nzherald.co.nz/section/2/story.cfm?c_id=2&objectid=10513361
by benjaminstraight July 24, 2008 3:00 PM PDT
Awesome. I got the update, by surprise, earlier.