Apple releases OS X Security Update 2006-007

Apple yesterday released Security Update 2006-007 for Mac OS X 10.3.9 through 10.4.8. The update, which is available in Software Update and from Apple Downloads, weighs in at 23.9 MB (for Intel) and is available in several flavors.

Despite Apple's policy that it "does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available," some pretty good information about the 2006-007 update is posted on the "About the security content" page.

According to CNet's Joris Evers the update repairs 31 vulnerabilities, including a zero-day Wi-Fi hijack flaw:

Other flaws addressed by the Apple update could let Macs be compromised through malicious sites, rigged compressed files or malicious font files, Apple said. The update also fixes four flaws in the Mac OS X Security Framework, the worst of which could crash Macs or display expired security certificates as still valid, Apple said.

Security Update 2006-007 is recommended for all users and improves the security of the following components:
AirPort
ATS
CFNetwork
Finder
Font Book
Font Importer
Installer
OpenSSL
PHP
PPP
Samba
Security Framework
VPN
WebKit
gnuzip
perl