Today, Apple unleashed it’s latest round of updates for the Mac OS X 10.6 Snow Leopard and 10.5 Leopard systems. These updates are large in size and fix a slew of vulnerabilities.
This update fixes a few bugs regarding the following:
- Printing Reliability
- The “the Accounts preference pane can now limit login to members of groups hosted by a non-Apple directory service, such as Active Directory.”
- Relability related to Quicktime X
- Airport Wake / Sleep options for current iMacs when connected to Wireless networks
- Daylight Saving Time rules for a few countries
- iCal notifications when new invitations appeared from a Microsoft Exchange Server
- An issue that could cause Mail to delete a mailbox from an exchange server behind a load balancer
- Ability for Parental controls regarding Safari bookmarks.
- Reliability when doing a Time Machine to Time Machine copy including multiple computers.
The Informational documents are located via the links below:
10.5 Leopard:
Mac OS X 10.5 Leopard Client Security Update 2010-002
Mac OS X 10.5 Leopard Server Security Update 2010-002
10.6 Snow Leopard:
Mac OS X 10.6.3 Client Updater
Mac OS X 10.6.3 Client Combo Updater
Mac OS X 10.6.3 Server Updater
Mac OS X 10.6.3 Server Combo Updater
The links to the download pages are as follows:
10.5 Leopard:
Mac OS X 10.5 Security Update 2010-002 (Leopard Client) (78.39 MB)
Mac OS X 10.5 Security Update 2010-002 (Leopard Server) (361.40 MB)
10.6 Snow Leopard:
Mac OS X 10.6.3 Client Updater (719.23 MB)
Mac OS X 10.6.3 Client Combo Updater (784.00 MB)
Mac OS X 10.6.3 Server Updater (831.31 MB)
Mac OS X 10.6.3 Server Combo Updater (897.32 MB)
Some of the Security fixes included with this latest update are as follows:
10.5 Leopard Specific:
- Clam AV: a configuration error introduced in Security Update 2009-005 would stop ClamAV from updating (CVE-2010-0058).
- PHP: Multiple vulnerabilities were fixed and PHP was updated to version 5.2.11 (CVE-2009-3557, CVE-2009-3558, CVE-2009-3559, CVE-2009-4142, CVE-2009-4143).
10.6 Snow Leopard Specific:
- Desktop Services: A Finder bug may have misassigned the owner of a file when it was copied (CVE-2010-0537).
- MySQL: Multiple bugs were fixed and Mysql has been updated to 5.0.88 (CVE-2008-4456, CVE-2008-7247, CVE-2009-2446, CVE-2009-4019, CVE-2009-4030).
- PHP: Multiple vulnerabilities were fixed and PHP was updated to version 5.3.1 (CVE-2009-3557, CVE-2009-3558, CVE-2009-3559, CVE-2009-4017).
- QuickTime: 9 different vulnerabilties were found and fixed in Quicktime.
Common vulnerabilities:
- Apache’s Webserver had a vulnerability that would allow a user to bypass access control (CVE-2009-3095).
- CUPS (Unix Printing): a format string error may allow a local user to gain system privledges, thereby allowing them to do some damage (CVE-2010-0393).
- iChat Server: A user may have been able to cause a denial of service of the iChat Server (CVE-2006-1329).
- Mail: An account that had been deleted may still have it’s rules applied (CVE-2010-0537).
The full security list is located at Apple’s Support website.
Mac OS X 10.6.3 is recommended for all Snow Leopard Users, and the Security Update is recommended for all 10.5 Leopard Users. You can use Apple’s Software Update Utility or any of the links above to get your copy today.
