This article originally appeared in TidBITS on 2007-05-28 at 3:00 p.m.
The permanent URL for this article is: http://tidbits.com/article/9005
Include images: Off

Security Update 2007-005 Released

by Jeff Carlson

Apple has released its fifth Mac OS X security update of 2007 to patch a number of potential vulnerabilities. Security Update 2007-005 [1] makes changes to CoreGraphics, iChat, VPN, BIND, crontabs, PPP, and other components, in most cases correcting problems that require either local user access or access to the Mac via a local network. However, several fixes are more important. An update to BIND prevents a possible remote denial of service attack (but because it reportedly overwrites the BIND launchd plist file, it may both turn BIND off and cause other changes to be lost, a potential problem for Mac OS X Server machines), a new version of fetchmail prevents possible disclosure of passwords, and a fix for CoreGraphics in Mac OS X 10.4 provides additional verification of PDF files to avoid possible crashes when opening maliciously crafted PDFs. The update is available via Software Update or for download in four varieties: for Mac OS X 10.4.9 as Universal (29.2 MB) [2] and PowerPC (15.7 MB) [3] installers; and for Mac OS X 10.3.9 Client (42.5 MB) [4] and Server (56 MB) [5] systems.

[1]: http://docs.info.apple.com/article.html?artnum=305530
[2]: http://www.apple.com/support/downloads/securityupdate2007005universal.html
[3]: http://www.apple.com/support/downloads/securityupdate2007005ppc.html
[4]: http://www.apple.com/support/downloads/securityupdate20070051039client.html
[5]: http://www.apple.com/support/downloads/securityupdate20070051039server.html