28 vulnerabilities patched across all versions of Mac OS X Tiger and Leopard

Feb 13, 2009 07:45 GMT

Apple quietly released a slew of updates yesterday evening, patching quite a few holes on both the Tiger and Leopard fronts. The newly released updates are available free of charge for all Mac users running Mac OS X 10.4 (Tiger) or Mac OS X 10.5 (Leopard), Client and Server.

Apple's Support section reveals that the Security Update 2009-001 for Leopard and Tiger “is recommended for all users and improves the security of Mac OS X.” Apple also confirms that “previous security updates have been incorporated into this security update.” For Security Update 2009-001 Server, Apple again notes that installing the new software is highly recommended for all servers, as it “improves the security of Mac OS X [Server].”

The company behind the Mac operating system also links to a knowledge base article detailing the full contents of the 2009-001 Security Update for Tiger and Leopard. We'll be posting a separate article on those details. For now, readers can skim through the list below to see some of the vulnerabilities Apple hopes to have fixed with Security Update 2009-001.

AFP Server

Impact: A user with the ability to connect to AFP Server may be able to trigger a denial of service (Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6)

Apple Pixlet Video

Impact: Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution (Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6)

CarbonCore

Impact: Opening a file with a maliciously crafted resource fork may lead to an unexpected application termination or arbitrary code execution (Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6)

CFNetwork

Impact: Restores proper operation of cookies with null expiration times (Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6)

Impact: Restores proper operation of session cookies across applications (Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6)

Certificate Assistant

Impact: A local user may manipulate files with the privileges of another user running Certificate Assistant (Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6)

ClamAV

Impact: Multiple vulnerabilities in ClamAV 0.94 (Available for: Mac OS X Server v10.4.11, Mac OS X Server v10.5.6)

CUPS

Impact: Visiting a maliciously crafted website may lead to an unexpected application termination (Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6)

Safari RSS

Impact: Accessing a maliciously crafted feed: URL may lead to arbitrary code execution (Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6)

X11

Impact: Multiple vulnerabilities in X11 server (Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6)

Impact: Multiple vulnerabilities in FreeType v2.1.4 (Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11)

Download Security Update 2009-001 Tiger Client (Free)

Download Security Update 2009-001 Tiger Server (Free)

Download Security Update 2009-001 Leopard Client (Free)

Download Security Update 2009-001 Leopard Server (Free)