Apple Releases Mac OS X 10.6.6 (with 1 Security Fix)

As we noted in our Mac App Store coverage, Apple released Mac OS X 10.6.6 Thursday. In addition to support for the Mac App Store, the update includes one documented security fix.

The patch notes:

PackageKit

CVE-ID: CVE-2010-4013

Available for: Mac OS X v10.6 through v10.6.5, Mac OS X Server v10.6 through v10.6.5

Impact: A man-in-the-middle attacker may be able to cause an unexpected application termination or arbitrary code execution

Description: A format string issue exists in PackageKit’s handling of distribution scripts. A man-in-the-middle attacker may be able to cause an unexpected application termination or arbitrary code execution when Software Update checks for new updates. This issue is addressed through improved validation of distribution scripts. This issue does not affect systems prior to Mac OS X v10.6. Credit to Aaron Sigel of vtty.com for reporting this issue.

If you have Max OS X 10.6.5 installed, you can find the Mac OS X 10.6.6 update in Software Update as a 114.8MB download. You can also download the combo updater for any version of Mac OS X 10.6.x, but it’s more than 980MB (0.98GB).