updated 02:05 pm EST, Mon December 15, 2008
Mac OS X 10.5.6 security
Fresh after announcing the general changes in Mac OS X 10.5.6, Apple has posted a list of the security updates present in the new code. The company has for instance addressed several possible Trojan attacks, launched through images, PDF documents, CPIO archives, ISO files and web cookies. Similarly, Apple has expanded the list of potentially unsafe file types which will trigger Mac OS' Download Validation feature.
New arbitrary code executions in the Flash plug-in have been blocked, and two kernel issues have been fixed: one in which a local hacker could gain system privileges, and a second in which running executables linking to dynamic libraries would cause a crash. Three API vulnerabilities have meanwhile been fixed in Libsystem, all of which could allow arbitrary code execution or produce crashes.
Apple has lastly addressed a glitch in which managed screensaver settings would not apply; a denial-of-service attack allowed by Internet Sharing; and an access bypass for the administrative controls of Podcast Producer, found in Mac OS X Server.