'

Security Update 2007-009 fixes 42 Leopard vulnerabilities

Security Update 2007-009 (35.4MB) addresses 42 vulnerabilities in first update to Mac OS 10.

Security Update 2007-009 (35.4MB) addresses 42 vulnerabilities in first update to Mac OS 10.5.1 (Leopard) and is waiting in your Software Update. According to Apple:

Security Update 2007-009 fixes 42 Leopard vulnerabilities

Security Update 2007-009 is recommended for all users and improves the security of the following components:

Core Foundation CUPS Flash Player Plug-in Launch Services perl python Quick Look ruby Safari Samba Shockwave Plug-in Spin Tracer

 

Apple's security update document (Article 61798) explicitly states that "For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available."

In case you're wondering what the update really fixes, Beta Wize Blog breaks it down for us:

  • FNetwork--patch to keep the system from automatically downloading files from malicious Web sites into arbitrary folders.
  • CUPS--fixes for a memory corruption issue in the handling of Internet Printing Protocol tags that could lead to an application crash or arbitrary code execution.
  • Flash Player Plug-in--fixes Adobe vulnerabilities.
  • Launch Services--Keeps the system from opening a maliciously crafted HTML file may lead to information disclosure or cross-site scripting
  • Mail--keeps Leopard from opening an executable mail attachment may lead to arbitrary code execution with no warning.

You can rest the rest over at Beta Wize Blog.