The Mac OS X 10.6.5 update Apple released late on Wednesday addressed a long list of potential security flaws in addition to the many other fixes and enhancements in included. Apple also released a matching security update for Mac OS X 10.5, or Leopard, users.
Mac OS X 10.6.5 and Security Update 2010-007 address a well publicized security threat where documents such as PDFs containing maliciously crafted embedded fonts could let an attacker remotely gain control over a user’s computer. Examples of how the flaw works were published by Core Security shortly before Apple’s updates were released.
The update also fixes a CoreGraphics-related issue where maliciously-crafted PDFs could be used to remotely gain control over a user’s computer, and addresses security flaws in the CUPS printing system, Directory Services, gzip archives, Image Capture, OpenLDAP and OpenSSL, PHP, QuickTime, Safari’s built-in RSS service, and more.
The security updates are included with the Mac OS X 10.6.5 update, and are available via Security Update 2010-007 for Leopard users. Both are available the Software Update application, or as downloadable installers at the Apple Support Web site.
[Thanks to khaled for helping sort through the security update.]