Apple releases Security Update 2008-007 for Mac OS X

article thumbnail

AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.

Apple on Thursday afternoon released its seventh distinct security fix of the year for Mac OS X to tackle a number flaws, including one introduced with its 10.5.5 update.

Available for both Mac OS X Leopard (Client, Server) and Tiger (Intel Client, PowerPC Client, PowerPC Server), Security Update 2008-007 addresses a mixture of UNIX foundation and Mac-specific flaws.

Among the fixes is one for the launchd daemon that only affects Mac OS X 10.5.5. The particular implementation may sometimes fail to sandbox apps that want to be isolated from the system, potentially exposing them to attacks.

Other Mac-related problems mended in the were first discovered by outside security teams, including a remote CUPS printing exploit found by TippingPoint's Zero Day Initiative as well as holes in ColorSync, Finder, general Mac OS X networking, PSNormalizer, QuickLook, root certificates, Script Editor and Weblog.

A pair of additional, special patches close vulnerabilities in the third-party ClamAV utility and allow a single sign-on with a password in a file, allowing scripts to use the sign-on feature without dropping security.

Solutions for UNIX flaws include updated versions of Apache, libxslt, MySQL Server, PHP, Postfix, rlogin, Tomcat and vim.