Mac OS X is safer today than it was Tuesday, thanks to Apple. The company on Wednesday posted Security Update 2008-003, containing forty one performance and security fixes for the enhanced Active Directory, AirPort, iChat, Mail, Time Machine and several other components of the company’s operating system. It also fixes a flaw in iCal that would leave machines vulnerable to remote code execution and potential hacking or theft of data.
The update, for Mac OS X 10.4.11 and Mac Server OS X 10.4.11, brings Leopard users to version 10.5.3, and is strongly recommended for anyone using prior versions. Mac OS X 10.5.3 also was released this week and contains the update. The patch also fixes application-terminating bugs in AFP Server, AppKit, Apple Pixlet Video, ATS, CoreFoundation, CoreGraphics, the Flash Player Plug-in and Help Viewer. Seven fixes affect the Flash Player alone, which was vulnerable to malicious code hidden inside Trojan content. Another seven repair Apple’s implementation of the Apache Web server, which was until now susceptible to certain attacks, including those from cross-site scripting.
Some of the other more severe security-breach fixes were in Apple’s Mail e-mail client and iCal scheduler. Mail had previously allowed one user to manipulate files and conduct other activities using someone else’s access privileges, and to remotely expose passwords when using single sign-on, expose Wiki Server user names and enable various other forms of remote attack. The iCal issue involves unexpected application termination, but only affects systems running Mac OS X 10.5. Details about other security-related fixes are available at Apple’s Security Update 2008-003 page; there’s a separate page for non-security-related details.