We presume that Mac OS X 10.6 Snow Leopard included numerous security-related fixes, since Apple has now released Security Update 2009-005 to bring them to Mac OS X 10.4 Tiger and Mac OS X 10.5 Leopard, both the desktop and server versions. Not all the fixes apply to all versions of Tiger and Leopard, but since they’re all bundled together, the best advice we can give is to download and install.
Most of the bugs were discovered by Apple, which is good to hear, since it could imply that the company is performing more security auditing than in the past (for more suggestions, see Rich Mogull’s “Five Ways Apple Can Improve Mac and iPhone Security,” 2009-06-03).
Areas receiving attention include the Alias Manager, CarbonCore, ClamAV, ColorSync, CoreGraphics, the CUPS printing system, ImageIO, Flash Player plug-in, Launch Services, MySQL, PHP, SMB, and the Wiki Server; you can read more about the fixes in this KnowledgeBase article.
I was amused at this bug: “Viewing a maliciously crafted PixarFilm encoded TIFF image may lead to an unexpected application termination or arbitrary code execution.” Could there be some animosity between Pixar and Apple? I mean, who else would maliciously craft a PixarFilm-encoded TIFF file?
We recommend using Software Update to get Security Update 2009-005 for simplicity’s sake, but if you must download, there are numerous versions:
- Security Update 2009-005 (Leopard): 93.14 MB
- Security Update 2009-005 Server (Leopard): 93.14 MB
- Security Update 2009-005 (Tiger PPC): 77.95 MB
- Security Update 2009-005 (Tiger Intel): 169.75 MB
- Security Update 2009-005 Server (Tiger PPC): 132.53 MB
- Security Update 2009-005 Server (Tiger Intel): 132.53 MB
- Security Update 2009-005 Server (Tiger Universal): 206.43 MB