Apple Ships 41 Patches for Tiger, Leopard

Apple has shipped a major security update to correct at least 41 vulnerabilities affecting users of its flagship Mac operating system.

With Security Update 2007-009, the Cupertino, Calif., vendor corrects multiple critical flaws that could allow malicious hackers to take complete control of Mac OS X (Tiger and Leopard) machines.

A separate security update was also released to patch a solitary information disclosure hole in Safari 3 for Windows Beta. The Safari patch affects both Windows XP and Windows Vista systems.

The Mac fixes—available for Mac OS X v10.4.11 and Mac OS X v10.5.1 (desktop and server)—corrects several high-risk issues that Apple warns can lead to “unexpected application termination or arbitrary code execution.”

Read here about an Apple patch that tackles Leopard firewall issues.

One of the issues, in the Flash Player Plug-in, was first fixed by Adobe more than two months ago.

According to Apple’s advisory, drive-by code execution holes are plugged in Address Book, CFNetwork, ColorSync and CUPS.

The company also fixed gaping holes in Core Foundation, Desktop Services, iChat, Launch Services, Mail, Perl, Python, Quick Look, Ruby, Safari (on Mac OS X) and Safari RSS.

Security flaws in Software Update, Shockwave Plug-in and Spotlight are also addressed in this mega-patch.

The Mac OS X and Safari patches come less than a week after Apple released a new Java run-time update to plug at least 18 vulnerabilities that expose Mac OS X users to remote code execution attacks.

On Dec. 13, 2007, Apple shipped a new QuickTime version to plug at least three critical security vulnerabilities.

Check out eWEEK.com’s Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK’s Security Watch blog.