NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0406 Apple Releases Leopard Patch:
On Monday, Apple issued its first security update for the year, patching at least 10 vulnerabilities
in Mac OS/X as it also upgraded Leopard to Version 10.5.2 after weeks of speculation on its release
date. The 10 fixes - the tally may be more since one of the items claimed multiple vulnerabilities
were under its umbrella - were a far cry from Apple's last update, a December 2007 monster that
patched 42 bugs. As is the norm for Apple's security fixes, Security Update 2008-001 plugged holes
in Apple's own software as well as flaws in some of the open-source components integrated with
Tiger and Leopard. Among the open-source parts patched today were Samba, a file- and print-sharing
application, and X11, the Apple version of the X Window System. Apple pegged seven of the 10
vulnerabilities as capable of "arbitrary code execution," which is the company's phrasing for a bug
whose exploit could insert malicious code on a Mac or allow the attacker to hijack the machine.
The security update can be downloaded manually from the Apple site, or retrieved and installed
using Mac OS/X's integrated update feature. Apple also released Mac OS 10.5.2. It is the second
update to Leopard since that operating system's debut in October 2007.
(ComputerWorld 11FEB08)