updated 05:00 pm EDT, Tue August 24, 2010
Fixes gaps in fonts, domains and PDFs
Apple has released a new security update, 2010-005. Four versions of the file are available, directed at the regular and Server editions of Leopard and Snow Leopard. Several vulnerabilities are fixed across all patches; these include ones with maliciously crafted fonts and PDF files, as well as remote attacks linked to the Samba cross-platform networking protocol. Another closed hole involves impersonating hosts with a slightly modified domain name.
Changes unique to Snow Leopard address a man-in-the-middle attack -- used to steal credentials or direct connections -- and flaws in PHP, which can for instance permit malicious PNG images. PHP itself has been updated to v5.3.2. Limited to the Server software are corrections in ClamAV, made possible by an upgrade of the latter to v0.96.1.
The client and server Snow Leopard downloads are 80.63MB and 136.86MB. For Leopard the files measure 211.88MB and 418.92MB, respectively. These can be downloaded directly or through Mac OS X's Software Update feature.