Apple patches multiple holes in Mac OS X Tiger and Leopard

Oct 10, 2008 06:59 GMT

Apple has released this year's seventh Security Update for Mac OS X Client and Server (Leopard and Tiger, Intel and PPC), patching quite a number of holes. Apple Security Update 2008-007 is available either through the Software Update mechanism from the Apple menu, or as a standalone installer package downloadable right here on our website.

The update applies to the latest versions of the Mac OS X operating system, Mac OS X 10.4.11 and Mac OS X 10.5.5, both Client and Server, and mainly patches holes in the system that allowed for arbitrary code execution. The update also addresses several other vulnerabilities, one of which is in the Weblog server. Apple's patch fixes an issue where adding a user with multiple short names to the access control list could cause the server not to enforce access rules properly. From Apple's support page, "About Security Update 2008-007":

Weblog

CVE-ID: CVE-2008-4215

Available for: Mac OS X Server v10.4.11

Impact: Access control on weblog postings may not be enforced

Description: An unchecked error condition exists in the weblog server. Adding a user with multiple short names to the access control list for a weblog posting may cause the Weblog server to not enforce the access control. This issue is addressed by improving the way access control lists are saved. This issue only affects systems running Mac OS X Server v10.4.

Security Update 2008-007 is recommended for all users of Mac OS X Client and Server, and improves the security of the operating system. As always, previous security updates have been incorporated into this release. Although the Software Update utility should prompt you to install this update soon after you've fired up your Mac, Apple advises downloading the package and installing it, to make sure that you have the latest updates on your Mac. You can choose to download your version of the standalone installer package using the links below.

Apple Security Update 2008-007

Apple Security Update Server 2008-007