Mac OS security update

The Mac OS X 10.5.8 update, released on Wednesday, includes a variety of fixes for security vulnerabilities. A bug included in previous versions allowed decompression of maliciously crafted data to terminate an application. Another issue allowed a website to control the displayed website URL in a certificate warning.

The company also improved validation of ColorSync profiles to avoid unexpected application termination or code execution when viewing images. Other bugs relate to Canon RA, PNG and OpenEXR images, along with EXIF metadata.

The system's list of unsafe content has been expanded to issue more warnings of potentially malicious JavaScript items, while signing out of the MobileMe preference pane now deletes all of the user's credentials. OS X now properly blocks the use of Multi-Touch gestures when the system is locked, preventing unauthorized users from managing applications or using Expose.

The Mac OS X 10.5.8 update can be downloaded from Apple's Support page or through Software Update.

by MacNN Staff