Almost four dozen Mac OS X 10.5 and 10.6 vulnerabilities addressed

Nov 10, 2009 10:45 GMT

Those who wish only to address the latest security holes found in Mac OS X face a hefty 143MB download. Also incorporated in the Mac OS X 10.6.2 update, Security Update 2009-006 delivers a whopping 44 code corrections on its own.

Among almost four dozen vulnerabilities, discovered with the help of security researchers as well as Apple’s own developers, the Mac maker mentions CoreGraphics and CoreMedia fixes, holes plugged in CUPS and Dictionary, a flaw in Mac OS X through which downloading a maliciously crafted disk image would lead to application termination or arbitrary code execution, and more of the usual stuff.

“Security Update 2009-006 is recommended for all users and improves the security of Mac OS X,” according to the company developing Mac OS X. “Previous security updates have been incorporated into this security update,” Apple informs.

A Spotlight fix included with Security Update 2009-006, for example, is available for Mac OS X v10.5.8 and Mac OS X Server v10.5.8, meaning the flaw does not affect Snow Leopard, the latest version of Apple’s operating system. However, a great many Mac owners still rely heavily on Mac OS X version 10.5 (Leopard), just as most of Microsoft’s loyal customers still rely on Windows XP. The flaw is described as follows:

“An insecure file operation exists in Spotlight's handling of temporary files,” Apple explains via the Support segment of its web site. “This could allow a local user to overwrite files with the privileges of another user. This update addresses the issue through improved handling of temporary files. This issue does not affect Mac OS X v10.6 systems,” the company states.

Another Leopard-specific fix is contained in this security update, for an integer overflow in QuickLook's handling of Microsoft Office files, which can lead to a buffer overflow, according to Apple. “Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution,” the company stresses. “This update addresses the issue through improved bounds checking. This issue does not affect Mac OS X v10.6 systems.”
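The bug class Apple describes for QuickLook, shown as an added C example that is not Apple's code and not part of the original article: a size computed from file-supplied header fields wraps around, and a bounds check rejects it. The `table_hdr` layout, the function names and the sample values are constructed for illustration; the advisory gives no such details.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed record-table header (hypothetical; not a real Office or
 * QuickLook structure). Both fields come straight from the file. */
struct table_hdr {
    uint32_t count;     /* number of records claimed by the file */
    uint32_t rec_size;  /* size of each record in bytes */
};

/* Unchecked: the 32-bit product wraps modulo 2^32, so the buffer sized
 * from it can be far smaller than the data a later copy loop writes. */
uint32_t table_bytes_unchecked(const struct table_hdr *h)
{
    return h->count * h->rec_size;
}

/* Checked: multiply in 64 bits (two 32-bit values cannot overflow it) and
 * require the table to fit in the bytes actually left in the file.
 * Returns 0 and stores the size in *out, or -1 to reject the header. */
int table_bytes_checked(const struct table_hdr *h, size_t remaining,
                        size_t *out)
{
    if (h->count == 0 || h->rec_size == 0)
        return -1;
    uint64_t total = (uint64_t)h->count * h->rec_size;
    if (total > remaining)
        return -1;
    *out = (size_t)total;   /* safe: total <= remaining, a size_t */
    return 0;
}

int main(void)
{
    /* Constructed inputs: one hostile header, one ordinary one. */
    struct table_hdr bad  = { 0x40000001u, 4u };
    struct table_hdr good = { 10u, 16u };
    size_t n = 0;

    printf("unchecked size for hostile header: %u bytes\n",
           (unsigned)table_bytes_unchecked(&bad));
    printf("checked, hostile header: %d\n",
           table_bytes_checked(&bad, 4096, &n));
    printf("checked, ordinary header: %d (%zu bytes)\n",
           table_bytes_checked(&good, 4096, &n), n);
    return 0;
}
```
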

The 2009-006 security update seems imperative for Mac OS X Leopard and Snow Leopard users alike, as it addresses almost an equal number of weak spots across both OS versions.
