Sixth standalone security package for OS X Leopard users available

Sep 16, 2008 08:36 GMT

Although the Mac OS X 10.5.5 Leopard software update patches all the security holes acknowledged lately, Apple has also released the package containing only the security fixes found in the major update. Users can download the installer package suitable for their hardware and OS for free.

Apple notes that the sixth Security Update (2008-006) released for the Client and Server versions (Intel, PPC and Universal) of its OS is recommended for all users, as it improves the security of their operating system. As always, previous security updates have been incorporated into this update, meaning that if you've skipped Security Update 2008-005 (or earlier versions), you can safely download and install this package, and not miss out on any of the patches.

In its Support section, Apple details the security content of Mac OS X v10.5.5 and Security Update 2008-006, pointing out the affected elements of OS X Leopard. The update tackles 25 bugs in total; the most noteworthy fix addresses a critical Internet security flaw that Apple failed to patch earlier this year.

Apple has fixed a flaw in the Mac OS X Libresolv DNS software that was discovered by security researcher Dan Kaminsky and could have allowed attackers to trick victims into visiting malicious websites using what's known as a “cache poisoning attack.” According to Andrew Storms, director of security operations with security vendor nCircle, although Internet Systems Consortium had patched Libresolv by the time Apple released its last security update, the bug fix was not included in that package. Tests have already confirmed that attempts to trick users into visiting malicious sites are now more difficult to pull off, thanks to the address port randomization OS X now requires.
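To check whether a resolver actually randomizes its query ports after patching, an administrator can record the UDP source ports of its outgoing queries (for example at an authoritative server they control) and classify the pattern. The sketch below is an added example, not code from Apple, ISC or the original article; the function name, thresholds and sample port lists are assumptions constructed for illustration.

```python
import statistics

PORT_SPACE = 65536  # UDP ports are 16-bit values

def assess_source_ports(ports, min_samples=8):
    """Classify how predictable a resolver's query source ports are.

    ports: UDP source ports of consecutive outgoing queries, in order.
    Returns (verdict, details); verdict is one of 'fixed', 'sequential',
    'weak', 'randomized' or 'insufficient-data'.
    """
    if len(ports) < min_samples:
        return "insufficient-data", {"samples": len(ports)}
    # Step between consecutive ports, wrapping around the 16-bit space.
    steps = [(b - a) % PORT_SPACE for a, b in zip(ports, ports[1:])]
    small_steps = sum(1 for s in steps if 0 < s <= 16)
    details = {
        "samples": len(ports),
        "distinct": len(set(ports)),
        "span": max(ports) - min(ports),
        "stdev": round(statistics.pstdev(ports), 1),
    }
    if details["distinct"] == 1:
        # One port for every query: only the 16-bit query ID protects a reply.
        return "fixed", details
    if small_steps >= 0.9 * len(steps):
        # Ports simply count upward, so the next one is easy to predict.
        return "sequential", details
    # Assumed thresholds: almost no repeats and a spread over >= 4096 ports.
    if details["distinct"] >= 0.9 * len(ports) and details["span"] >= 4096:
        return "randomized", details
    return "weak", details

# Constructed sample observations (not captured from real systems).
UNPATCHED_FIXED = [32768] * 10
UNPATCHED_SEQUENTIAL = list(range(49152, 49162))
SMALL_POOL = [40000, 40100] * 5
PATCHED = [51234, 1093, 33871, 60412, 8817, 27650, 45903, 14388, 58021, 39666]

if __name__ == "__main__":
    for name, sample in [("fixed", UNPATCHED_FIXED),
                         ("sequential", UNPATCHED_SEQUENTIAL),
                         ("small pool", SMALL_POOL),
                         ("patched", PATCHED)]:
        print(name, assess_source_ports(sample))
```

A verdict of 'randomized' on a small sample only shows that no obvious pattern was seen; a larger capture gives a more reliable picture.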

More common OS X components like the Finder and Time Machine, as well as open-source components including Ruby, ClamAV and OpenSSH, have also been patched in the latest security update from Apple.

A full breakdown of all the areas touched by Security Update 2008-006 is available in Apple's Support section. You may download and install the free security update for Leopard using the links below. Installing Mac OS X 10.5.5 is not required; that is the purpose of this installer package: get the latest security fixes, leave the Leopard enhancements for the brave.

Security Update 2008-006 (PPC, Intel)
Security Update Server 2008-006 (Universal, PPC)