Apple has released a massive update for Mac OS X 10.5 and Mac OS X 10.4.11 that plugs security gaps in 20 Mac applications and features.
The update, released Oct. 9, is available on Apple’s Web site. Several of the patches deal with Mac OS X technologies, such as a fix for an issue in Script Editor to address a flaw that allows local users to cause the scripting dictionary to be written to an arbitrary path accessible by the user running the application. The update addresses the problem by creating the temporary file in a secure location.
A Single Sign-on issue affecting Mac OS X v10.5.5 and Mac OS X Server v10.5.5 was also fixed to enable automated scripts to use sso_util command more securely. ColorSync has been updated to fix a buffer overflow vulnerability that occurs while handing images with embedded ICC profiles. Viewing a maliciously crafted image can lead to an application crash or arbitrary code execution, Apple warned.
Also included in the release are updates for open-source projects Apache, PHP, Tomcat and ClamAV. MySQL has also been updated to version 5.0.67 to address multiple vulnerabilities.