The just-released Mac OS X 10.6.5 includes numerous security fixes that are also relevant to Mac OS X 10.5.8 Leopard and Leopard Server. For you Leopard users out there, Apple has now released Security Update 2010-007 Leopard Client and Security Update 2010-007 Leopard Server to address 32 vulnerabilities spread throughout the operating system. You can read the details on Apple’s Web site.
Flash Player merits special attention, since Apple’s inclusion of version 10.1.102.64 addresses 56 different vulnerabilities since the previously shipped version. That’s somewhat deceptive, since Mac OS X 10.6.4 shipped with Flash Player 10.0.45.2 even when 10.1.53.64 was current with fixes for numerous security holes. In short, don’t depend on Apple to provide the latest version of Flash Player; it’s a huge target for security exploits and Adobe is constantly releasing new versions to address significant problems.
Four of the security changes are specific to Mac OS X Server 10.5.8, notably fixes to Password Server and Wiki Server, and new versions of MySQL and PHP.
Security Update 2010-007 is most easily downloaded via Software Update, but standalone installers are also available via the links above. (Free, 240.74 MB for Mac OS X 10.5 Leopard, 448.10 MB for Leopard Server)