Wednesday, Mar 31, 2010

Apple Releases a Security and Update Bonanza

Apple has released a security and update bonanza for various system components, iTunes and QuickTime. Users and administrators should perform these updates right away if they have not already. Some critical highlights that address Common Vulnerabilities and Exposures (CVE) identifiers include the following:

 

  • Buffer overflow in AppKit related to spell checking
  • Firewall startup timing issues in 10.5.x
  • AFP file server access control checks failed to ensure credentials and allowed guest access even if disabled
  • World-readable files could be accessed outside the shared folder; file path handling has been improved in this update
  • An input validation issue is addressed, along with other Apache vulnerabilities, by updating to version 2.2.14
  • Two memory corruption errors are addressed in CoreAudio
  • CoreTypes now flags .ibplugin and .url as unsafe, so the user will be warned and the object will not be launched automatically
  • CUPS and curl have been improved with better handling of null characters, validation improvements and setuid directory handling
  • Cyrus IMAP authentication is improved with better bounds checking
  • A Disk Images flaw and a memory corruption issue are addressed with bounds checking and better handling of package types for internet-enabled disk images
  • iChat Server issues have been addressed with memory management, reference tracking and improved SASL negotiation
  • ImageIO and Image RAW are improved by better memory initialization, bounds checking and validation of images
  • OS Services has improved privilege management
  • MailMan and Mail have been updated
  • MySQL is updated to version 5.0.88
  • QuickTime has been updated to address various vulnerabilities
  • vim, X11 and xar have all been updated or improved
  • Wiki Server web SACL does not override service ACL (10.5.x only)

 

Needless to say, Apple has been busy patching holes in a variety of packages and components.
