14 DAY TRIAL // Security Update 2009-005 is recommended for all Mac OS X Leopard and Tiger users, as it improves the security of Mac OS X. The release, which patches a total of 16 vulnerabilities, incorporates previous security updates as well. The update is aimed at users of Mac OS X Leopard and Tiger, Client and Server versions, Intel and PowerPC.
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, one issue found by none other than Apple is described as follows: “A buffer overflow exists in the handling of alias files. Opening a maliciously crafted alias file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect Mac OS X v10.6 systems.”
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, a null pointer dereference exists in CUPS, Apple says. “By repeatedly sending maliciously crafted scheduler requests, a remote attacker may be able to deny access to the Printer Sharing service,” the company explains. “This update addresses the issue through improved validation of scheduler requests. This issue does not affect Mac OS X v10.6 systems,” according to the bug’s description. Apple credits Anibal Sacco of the CORE IMPACT Exploit Writing Team (EWT) at Core Security Technologies for reporting the issue.
By installing Security Update 2009-005, Mac OS X users will also be updating MySQL to version 5.0.82 to address an implementation issue that allows a local user to obtain elevated privileges. “This issue only affects Mac OS X Server systems. This issue does not affect Mac OS X v10.6 systems,” according to Apple. To see all the issues fixed in Security Update 2009-005, visit Apple’s Support section here.