Thursday, October 09, 2008, 01:55 pm PT (04:55 pm ET)
Apple releases Security Update 2008-007 for Mac OS XApple on Thursday afternoon released its seventh distinct security fix of the year for Mac OS X to tackle a number flaws, including one introduced with its 10.5.5 update.
Available for both Mac OS X Leopard (Client, Server) and Tiger (Intel Client, PowerPC Client, PowerPC Server), Security Update 2008-007 addresses a mixture of UNIX foundation and Mac-specific flaws.
Among the fixes is one for the launchd daemon that only affects Mac OS X 10.5.5. The particular implementation may sometimes fail to sandbox apps that want to be isolated from the system, potentially exposing them to attacks.
Other Mac-related problems mended in the were first discovered by outside security teams, including a remote CUPS printing exploit found by TippingPoint's Zero Day Initiative as well as holes in ColorSync, Finder, general Mac OS X networking, PSNormalizer, QuickLook, root certificates, Script Editor and Weblog.
A pair of additional, special patches close vulnerabilities in the third-party ClamAV utility and allow a single sign-on with a password in a file, allowing scripts to use the sign-on feature without dropping security.
Solutions for UNIX flaws include updated versions of Apache, libxslt, MySQL Server, PHP, Postfix, rlogin, Tomcat and vim.