Security Update 2005-005 for Mac OS X 10.3.9 -- Apple has released Security Update 2005-005 to address several online security issues with Mac OS X 10.3.9 and Mac OS X Server 10.3.9. Users can download the patch via Software Update or from Apple's Web site (about 6 MB, depending on version).
Security Update 2005-005 rolls in patches for a number of Mac OS X applications and technologies, as well as components of Mac OS X's underlying Unix implementation. Key fixes address buffer overflows and means by which attackers could potentially overwrite files, escalate privileges, or execute arbitrary code using the Finder, Help Viewer, the Foundation and AppKit application frameworks, Terminal, and AppleScript. Other fixes affect the Apache Web server, lukemftpd, sudo, Directory Services, VPN, and X11; in addition, Security Update 2005-005 disables Bluetooth file sharing by default, and prevents Bluetooth services from accessing files outside the default file exchange directory. As of this writing, a similar update has not been made available for Mac OS X 10.4 Tiger, and it's not clear whether Tiger already addresses these security concerns. [GD]