Apple has released Security Update 2008-007 for both Leopard (Mac OS X
10.5.5) and Tiger (Mac OS X 10.4.11). The new release is available via
Software Update or the following download links:
- Security Update 2008-007 Server (Universal) [199MB]
- Security Update 2008-007 Server (PPC) [123MB]
- Security Update 2008-007 Client (PPC) [70MB]
- Security Update 2008-007 Client (Intel) [161MB]
- Security Update 2008-007 Server (Leopard) [125MB]
- Security Update 2008-007 Client (Leopard) [31.MB]
Among the security enhancements in this release:
- Finder: "A maliciously crafted file on the Desktop
which causes Finder to unexpectedly terminate when generating its icon
will cause Finder to continually terminate and restart. Until the file
is removed, the user account is not accessible via Finder's user
interface. This update addresses the issue by generating icons in a
separate process. This issue does not affect systems prior to Mac OS X
v10.5. Credit to Sergio 'shadown' Alvarez of n.runs AG for reporting
this issue."
- QuickLook: "A signedness issue
in QuickLook's handling of columns in Microsoft Excel files may result
in an out-of-bounds memory access. Downloading or viewing a maliciously
crafted Microsoft Excel file may lead to an unexpected application
termination or arbitrary code execution. This update addresses the
issue by performing additional validation of Microsoft Excel files.
This issue does not affect systems prior to Mac OS X v10.5. Credit:
Apple."
- Network: A heap buffer overflow exists in
the local IPC component of configd's EAPOLController plugin, which may
allow a local user to obtain system privileges. This update addresses
the issue through improved bounds checking. Credit: Apple.
For a full list of enhancements, see this document.
Source : http://www.macfixit.com/