Apple 2008-001 Security Update mends URL exploits, moreApple's 2008-001 security fix for Mac OS X Leopard and Tiger tackles several networking issues, particularly malicious web addresses in Safari and Mail. Also, a WebObjects update has been released to patch several outstanding bugs for systems using Leopard.
Security Update 2008-001
Apple on Monday evening introduced its first security patch of the year. Security Update 2008-001 is available in PowerPC (16.7MB) and Universal (28.8MB) versions.
Most of the fixes apply to Mac OS X Leopard and Leopard server, Apple says. Among these, a fix for the operating system's Foundation level prevents a malicious web URL from either crashing the program or allowing arbitrary code. Other Leopard-specific fixes include preventing Parental Controls from disclosing information when unblocking websites, Launch Services, NFS client and server vulnerabilities, and X11 issues with Font Server as well as being unable to change security preferences.
Multiple fixes also apply to either both Leopard and Tiger or to Tiger exclusively. Both versions of Mac OS X are affected by issues with Samba networking and Terminal; In Tiger, Apple has closed exploits possible through Directory Services, malicious URLs in Mail, and Open Directory.
Apple notes that not all users will be presented with the fix: Mac OS X 10.5.2 includes the update for most Leopard configurations.
WebObjects Update 5.4.1 for Mac OS X 10.5
Additionally, Apple's WebObjects Update 5.4.1 (153MB) is aimed at Leopard and patches several bugs for issues such as database compatibility, deployment tools, and web service serialization.