Apple has released Security Update 2010-003 (Leopard-Client) to address a critical vulnerability in the way Apple Type Services in Mac OS X 10.6 Snow Leopard parses embedded fonts. Users who view or download any documents containing maliciously crafted embedded fonts run a risk of arbitrary code execution. The update addresses this issue by improving index checking. This vulnerability was first demonstrated by Charlie Miller at the Pwn2Own conference 20 days ago, which shows a reasonably quick response on Apple's part. A nearly identical update - Security Update 2010-003 (Leopard-Server) - that eliminates the same vulnerability is available for Leopard Server. The update requires you are running Mac OS X 10.5.8 and is available via Software Update and the Apple Support Downloads page. (Free, 218.6/379.5 MB)
Turn Off Filename Extension Warning
In Leopard, Apple fixed an annoying aspect of working with the Finder in Tiger. Previously, if you changed a file's extension, the Finder prompted for confirmation. But since no one has ever accidentally changed a filename extension, Apple thankfully added an option to turn that warning off in the Leopard Finder's preferences. Choose Finder > Preferences, and in the Advanced screen, deselect Show Warning Before Changing an Extension.