14 DAY TRIAL // Alongside the Mac OS X 10.5.8 incremental update to Leopard, Apple has issued separate versions of the newest Security Update (2009-003) for Leopard and Tiger users. Both Intel and PPC versions of the 2009-003 Security Update address a total of 18 security issues discovered in Apple’s operating system. The update is free to download and install for all Tiger and Leopard users, and a highly recommended one at that.
In usual Apple manner, the Cupertino, Calif.-based company posted a Support document outlining the particularities of Security Update 2009-003, listing the newly-discovered issues and how the Mac maker was able to patch them all.
For example, decompressing maliciously crafted data could lead to an unexpected application termination, Apple says. The company explains that this occurred because of an out-of-bounds memory access that existed in bzip2. “This update addresses the issue by updating bzip2 to version 1.0.5,” Apple reveals. The bzip2 web site at http://bzip.org/ holds even more information on the bug.
Another issue allowed a website to control the displayed website URL in a certificate warning, the Support document reveals. Apple also improved validation of ColorSync profiles to avoid unexpected application termination or code execution when viewing images, while other bugs relate to Canon RA, PNG and OpenEXR images. Also worth noting is that signing out of the MobileMe preference pane now deletes all of the user's credentials, while the use of Multi-Touch gestures when the system is locked is now properly blocked. This prevents unauthorized users from managing applications or using Expose.
To download the Tiger / Leopard, Client / Server, Intel / PPC version of Security Update 2009-003, simply use the links below. Leopard users can also download the Mac OS X 10.5.8 Combo Update to apply both OS X 10.5.8 and Security Update 2009-003 in one shot.
Download Security Update 2009-003 Client (Free)