Apple has released Security Update 2010-005, addressing an assortment of vulnerabilities in Mac OS X 10.5 Leopard and 10.6 Snow Leopard. Several of the fixes included in the update address various ways maliciously crafted files could lead to the dreaded “arbitrary code execution” that is the hallmark of many computer attacks. Mac OS X’s handling of fonts, PDF files, and PNG files (the last only when accessed via PHP under Snow Leopard and Snow Leopard Server) was patched to block such vulnerabilities.
The release also updates ClamAV (in Leopard Server and Snow Leopard Server only) to block other potential arbitrary code execution risks. In both the server and regular editions, Mac OS X’s CFNetwork framework was fixed; it could previously fall victim to “man-in-the-middle” attacks through anonymous SSL/TLS connections.
In addition, Apple updated libsecurity to prevent domain name trickery, patched Samba to prevent a buffer overflow that could allow a denial-of-service attack or arbitrary code execution, and upgraded PHP to version 5.3.2 to address multiple vulnerabilities in the popular scripting language.
Security Update 2010-005 is available via Software Update, which is generally the easiest method of acquiring it. You can also download the update directly for Leopard (211.88 MB), Leopard Server (418.92 MB), Snow Leopard (80.63 MB), and Snow Leopard Server (136.86 MB).