AppleInsider | Print: Apple releases Security Update 2008-007 for Mac OS X

View this article at: http://www.appleinsider.com/articles/08/10/09/apple_releases_security_update_2008_007_for_mac_os_x.html
Thursday, October 9, 2008 @ 4:55pm

Apple releases Security Update 2008-007 for Mac OS X

Apple on Thursday afternoon released its seventh distinct security fix of the year for Mac OS X to tackle a number flaws, including one introduced with its 10.5.5 update.

Available for both Mac OS X Leopard (Client, Server) and Tiger (Intel Client, PowerPC Client, PowerPC Server), Security Update 2008-007 addresses a mixture of UNIX foundation and Mac-specific flaws.

Among the fixes is one for the launchd daemon that only affects Mac OS X 10.5.5. The particular implementation may sometimes fail to sandbox apps that want to be isolated from the system, potentially exposing them to attacks.

Other Mac-related problems mended in the were first discovered by outside security teams, including a remote CUPS printing exploit found by TippingPoint's Zero Day Initiative as well as holes in ColorSync, Finder, general Mac OS X networking, PSNormalizer, QuickLook, root certificates, Script Editor and Weblog.

A pair of additional, special patches close vulnerabilities in the third-party ClamAV utility and allow a single sign-on with a password in a file, allowing scripts to use the sign-on feature without dropping security.

Solutions for UNIX flaws include updated versions of Apache, libxslt, MySQL Server, PHP, Postfix, rlogin, Tomcat and vim.