Apple on Wednesday issued a security update that fixes 18 vulnerabilities including several that put computers running Mac OS X at risk of remote code execution if a maliciously crafted image is viewed.
In addition to fixing a problem with how PNG images are handled, Security Update 2009-003 fixes issues related to ImageIO's handling of OpenEXR images, EXIF metadata, as well as Canon RAW images and images with an embedded ColorSync profile.
The update, which arrives as part of the release of Mac OS X v10.5.8, extends the list of content types the Mac OS X will flag as potentially unsafe when downloaded from the Web. It also fixes a problem with how XML content is handled and resolves the way the kernel handles AppleTalk response packets.
Apple also identified and fixed a problem with MobileMe. Signing out of MobileMe does not remove all credentials and a person with access to the local user account could continue to access associated systems.