Apple addresses multiple flaws in OS X Client and Server, Leopard and Tiger

Dec 16, 2008 08:06 GMT  ·  By

Alongside the highly anticipated Leopard update to version 10.5.6, Apple has also issued its usual laundry list of security updates for all users of Mac OS X. Whether you're an Intel Leopard user or a PPC Tiger person, on Client or Server, an update is now awaiting installation on your machine.

Across all versions of Mac OS X, “Security Update 2008-008 is recommended for all users and improves the security of Mac OS X,” Apple's notice reads. “Previous security updates have been incorporated into this security update,” the company assures customers.

In its notes on the security content of Security Update 2008-008 / Mac OS X v10.5.6, Apple reveals that there were quite a few holes to patch on both the Server and Client versions of Leopard. For instance, a bug prevented Leopard from displaying a warning when the user attempted to launch unsafe downloaded content. Apple found this vulnerability in Mac OS X v10.5 through v10.5.5 and Mac OS X Server v10.5 through v10.5.5, and described it as follows:

Description: Mac OS X provides the Download Validation capability to indicate potentially unsafe files. Applications such as Safari and others use Download Validation to help warn users prior to launching files marked as potentially unsafe. This update adds to the list of potentially unsafe types. It adds the content type for files that have executable permissions and no specific application association. These files are potentially unsafe as they will launch in Terminal and their content will be executed as commands. While these files are not automatically launched, if manually opened they could lead to the execution of arbitrary code.

Apple fixes the issue with Security Update 2008-008 and points out that it does not affect systems prior to Mac OS X v10.5.
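The file class Apple describes can be approximated with a short audit of a download folder. The script below is an added example, not Apple's Download Validation code: it flags regular files that carry an execute bit and have no filename extension, and treating "no extension" as "no specific application association" is an assumption of this sketch. The sample files are constructed for the demonstration.

```python
import os
import stat
import tempfile

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def is_unassociated_executable(path):
    """True for a regular file with an execute bit set and no extension."""
    st = os.lstat(path)  # lstat: symlinks are never followed
    if not stat.S_ISREG(st.st_mode):
        return False
    if not st.st_mode & EXEC_BITS:
        return False
    # Assumption: a missing extension stands in for "no specific
    # application association" in Apple's description.
    return os.path.splitext(os.path.basename(path))[1] == ""


def audit(directory):
    """Return relative paths of flagged files under directory, sorted."""
    hits = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            if is_unassociated_executable(full):
                hits.append(os.path.relpath(full, directory))
    return sorted(hits)


def build_sample_tree(base):
    """Create constructed sample files: name -> permission bits."""
    samples = {"report.pdf": 0o644, "installer": 0o755,
               "notes": 0o644, "run.sh": 0o755}
    for name, mode in samples.items():
        path = os.path.join(base, name)
        with open(path, "w") as handle:
            handle.write("sample\n")
        os.chmod(path, mode)


def demo():
    """Audit a temporary folder holding the constructed samples."""
    with tempfile.TemporaryDirectory() as folder:
        build_sample_tree(folder)
        return audit(folder)


if __name__ == "__main__":
    print(demo())
```

Call `audit()` on a real download folder to list the files that would open in Terminal if double-clicked.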

Multiple vulnerabilities in the Adobe Flash Player plug-in have also been dealt with. The support document lists the fix as available for Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, and Mac OS X Server v10.5 through v10.5.5. Apple notes that “multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution when viewing a maliciously crafted website.”

The issues are addressed by updating the Flash Player plug-in to version 9.0.151.0. By offering the 2008-008 update, the company hopes to have dealt with this vulnerability as well. Adobe Systems itself has published some information on the bug.

Mac OS X users should note that security updates may also be available for software released independently from Mac OS X. Apple packages Software Updates in a manner that keeps systems secure. Security updates are only offered to systems that need the update, and not to later versions that have it incorporated. You may download the new updates' standalone installers using one of the two links below. Alternatively, you can fire up Software Update from the Apple menu to get the security update suitable for your system.

Apple Security Update 2008-008 Client - Leopard / Tiger; Intel / PPC (Free)

Apple Security Update 2008-008 Server - Leopard / Tiger; Intel / PPC (Free)