This article originally appeared in TidBITS on 2008-05-29 at 7:52 a.m.
The permanent URL for this article is:

Security Update 2008-003 / Mac OS X 10.5.3 Fix Flaws

by Adam C. Engst

Apple has released Security Update 2008-003 [1] for Mac OS X 10.4.11 to extend the security fixes included in Mac OS X 10.5.3 and Mac OS X Server 10.5.3 to systems running Mac OS X 10.4 Tiger. Most notable among the fixes is one that blocks the iCal vulnerability publicized recently by Core Security Services (see "Unpatched iCal Security Flaws Present Low Risk [2]," 2008-05-22). The reason for Apple's foot-dragging on the iCal vulnerabilities is now clear - if Security Update 2008-003 had been the only release necessary, it could likely have happened on the schedule Apple originally promised. But coordinating a full update to Mac OS X 10.5.3 simultaneously is a much taller order, and Apple undoubtedly wanted to avoid releasing Security Update 2008-003 separately from Mac OS X 10.5.3 Update.

A wide variety of other vulnerabilities have been eliminated in this release, including the following. I list these not because anyone is likely to have encountered them, nor to scare everyone into updating (although that's a good idea). Instead, I'm providing the details to give a sense of just how many security vulnerabilities are found, reported, and patched on a regular basis. As much as there's no need to become paranoid, security really is a big deal in our increasingly networked world.

Security Update 2008-003 is most easily installed via Software Update because otherwise you must pick the right version to download: for the desktop versions of Mac OS X 10.4, choose either PowerPC [3] (72 MB) or Intel [4] (111 MB), and for Mac OS X Server, choose either PowerPC [5] (88.9 MB) or Universal [6] (118 MB).
