Skip to content
Thoughtful, detailed coverage of everything Apple for 28 years
and the TidBITS Content Network for Apple professionals

Security Update 2009-005 Fixes Tiger, Leopard Vulnerabilities

We presume that Mac OS X 10.6 Snow Leopard included numerous security-related fixes, since Apple has now released Security Update 2009-005 to bring them to Mac OS X 10.4 Tiger and Mac OS X 10.5 Leopard, both the desktop and server versions. Not all the fixes apply to all versions of Tiger and Leopard, but since they’re all bundled together, the best advice we can give is to download and install.

Most of the bugs were discovered by Apple, which is good to hear, since it could imply that the company is performing more security auditing than in the past (for more suggestions, see Rich Mogull’s “Five Ways Apple Can Improve Mac and iPhone Security,” 2009-06-03).

Areas receiving attention include the Alias Manager, CarbonCore, ClamAV, ColorSync, CoreGraphics, the CUPS printing system, ImageIO, Flash Player plug-in, Launch Services, MySQL, PHP, SMB, and the Wiki Server; you can read more about the fixes in this KnowledgeBase article.

I was amused at this bug: “Viewing a maliciously crafted PixarFilm encoded TIFF image may lead to an unexpected application termination or arbitrary code execution.” Could there be some animosity between Pixar and Apple? I mean, who else would maliciously craft a PixarFilm-encoded TIFF file?

We recommend using Software Update to get Security Update 2009-005 for simplicity’s sake, but if you must download, there are numerous versions:

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For 28 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.