Security Update 2007-009 (35.4MB) addresses 42 vulnerabilities in first update to Mac OS 10.5.1 (Leopard) and is waiting in your Software Update. According to Apple:
Security Update 2007-009 is recommended for all users and improves the security of the following components:
Core Foundation
CUPS
Flash Player Plug-in
Launch Services
perl
python
Quick Look
ruby
Safari
Samba
Shockwave Plug-in
Spin Tracer
Apple's security update document (Article 61798) explicitly states that "For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available."
In case you're wondering what the update really fixes, Beta Wize Blog breaks it down for us:
FNetwork--patch to keep the system from automatically downloading files from malicious Web sites into arbitrary folders.
CUPS--fixes for a memory corruption issue in the handling of Internet Printing Protocol tags that could lead to an application crash or arbitrary code execution.
Flash Player Plug-in--fixes Adobe vulnerabilities.
Launch Services--Keeps the system from opening a maliciously crafted HTML file may lead to information disclosure or cross-site scripting
Mail--keeps Leopard from opening an executable mail attachment may lead to arbitrary code execution with no warning.
