Mac OS X 10.5.4 makes reliability and security the main issues

Stephen Withers
Tuesday, 01 July 2008 04:44

Opinion and Analysis

The update also addresses a number of security issues. These include the addition of .xht and .xhtm files to the 'potentially unsafe' list, and the removal of vulnerabilities in the Alias Manager, c++filt, Launch Services, Ruby, and WebKit that can lead to arbitrary code execution.

Perhaps the most serious of these is the WebKit flaw, as it can be exploited by maliciously crafted JavaScript in a web page and affects Safari for Mac OS X and Windows. The flaw is also addressed by Safari 3.1.2 for Mac OS X 10.4.11 or Windows, which was released last month.

Other security matters include a fix for a flaw that could allow users to bypass the screen lock when waking a system from sleep or the screen saver,  better validation of SNMPv3 packets, and a denial of service issue in the VPN software.

Flaws in this list relevant to Mac OS X 10.4.11 (including Server) are also addressed by Security Update 2008-004.

The updates are available via Software Update or directly from Apple's web site.

The Mac OS X 10.5.4 update is 88M, possibly less when installed via Software Update. But the combo version for use with any version of Leopard is a hefty 561M.