Apple yesterday released Security Update 2006-007 for Mac OS X 10.3.9 through 10.4.8. The update, which is available in Software Update and from Apple Downloads, weighs in at 23.9 MB (for Intel) and is available in several flavors.
Despite Apple's policy that it "does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available," some pretty good information about the 2006-007 update is posted on the "About the security content" page.
Other flaws addressed by the Apple update could let Macs be compromised through malicious sites, rigged compressed files or malicious font files, Apple said. The update also fixes four flaws in the Mac OS X Security Framework, the worst of which could crash Macs or display expired security certificates as still valid, Apple said.
Security Update 2006-007 is recommended for all users and improves the security of the following components: AirPort ATS CFNetwork Finder Font Book Font Importer Installer OpenSSL PHP PPP Samba Security Framework VPN WebKit gnuzip perl