Security Update 2007-009 (35.4MB) addresses 42 vulnerabilities in first update to Mac OS 10.5.1 (Leopard) and is waiting in your Software Update. According to Apple:
Security Update 2007-009 is recommended for all users and improves the security of the following components:
Core Foundation CUPS Flash Player Plug-in Launch Services perl python Quick Look ruby Safari Samba Shockwave Plug-in Spin Tracer
Apple's security update document (Article 61798) explicitly states that "For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available."
In case you're wondering what the update really fixes, Beta Wize Blog breaks it down for us:
- FNetwork--patch to keep the system from automatically downloading files from malicious Web sites into arbitrary folders.
- CUPS--fixes for a memory corruption issue in the handling of Internet Printing Protocol tags that could lead to an application crash or arbitrary code execution.
- Flash Player Plug-in--fixes Adobe vulnerabilities.
- Launch Services--Keeps the system from opening a maliciously crafted HTML file may lead to information disclosure or cross-site scripting
- Mail--keeps Leopard from opening an executable mail attachment may lead to arbitrary code execution with no warning.
You can rest the rest over at Beta Wize Blog.