Apple has released Security Update 2010-004 along with the latest operating system patches that update Mac OS X to versions 10.6.4 (Snow Leopard) and 10.5.9 (Leopard), as well as Mac OS X Server 10.5.9. The update addresses 23 security issues and mac viruses in Leopard and Snow Leopard.
Several of the Mac vulnerabilities addressed by the update had been considered particularly serious. for example, Apple has fixed an oversight in the “Apply to enclosed items” function in Finder that allowed files to be transferred without changing their ownership status, which meant that files could be given unnecessary permissions without the user’s knowledge.
Another vulnerability affected iChat’s handling of inline images when using AIM. This security hole could allow files to be uploaded to the user’s hard drive without authorization.
There was one serious Leopard-only issue, which involved a problem with NetAuthSysAgent which could allow any local user to perform certain operations that would normally be associated with the administrative account.
Additionally, according to Apple’s documentation for the update, it also includes an updated version of Adobe Flash which addresses numerous security issues, as detailed here previously.
Security Update 2010-004, along with the aforementioned operating system updates, are available from Apple Downloads.
Related posts:
- Security Update 2010-003 for Mac OS X Released
- Security Update for Photoshop CS4 Released
- Mac Security Updates for Safari and Chrome
- Mac OS X 10.6.3 Released
- Security Vulnerabilities Fix Coming for Snow Leopard 10.6.3
