Leopard, Snow Leopard Security Update Address Font Issues, More

The Mac OS X 10.6.5 update Apple released late on Wednesday addressed a long list of potential security flaws in addition to the many other fixes and enhancements in included. Apple also released a matching security update for Mac OS X 10.5, or Leopard, users.

Mac OS X 10.6.5 and Security Update 2010-007 address a well publicized security threat where documents such as PDFs containing maliciously crafted embedded fonts could let an attacker remotely gain control over a user’s computer. Examples of how the flaw works were published by Core Security shortly before Apple’s updates were released.

The update also fixes a CoreGraphics-related issue where maliciously-crafted PDFs could be used to remotely gain control over a user’s computer, and addresses security flaws in the CUPS printing system, Directory Services, gzip archives, Image Capture, OpenLDAP and OpenSSL, PHP, QuickTime, Safari’s built-in RSS service, and more.

The security updates are included with the Mac OS X 10.6.5 update, and are available via Security Update 2010-007 for Leopard users. Both are available the Software Update application, or as downloadable installers at the Apple Support Web site.

[Thanks to khaled for helping sort through the security update.]