Apple Releases a Security and Update Bonanza
Wednesday, March 31, 2010 at 09:56AM
drStrangeP0rk in Apple, Mac OSX 10.5, Mac OSX 10.6, QuickTime, Updates
Apple has released a security and update bonanza for various system components, iTunes and QuickTime. Users and administrators should perform these updates right away if they have not already. Some critical highlights that address Common Vulnerabilities and Exposures (CVE) identifiers include the following:
- Buffer overflow in AppKit related to spell checking
- Firewall startup timing issues in 10.5.x
- AFP file server access control checks failed to verify credentials and allowed guest access even if it was disabled
- World-readable files could be accessed outside the shared folder; file path handling has been improved in this update
- An input validation issue is addressed, along with other Apache vulnerabilities, by updating to version 2.2.14
- Two memory corruption errors are addressed in CoreAudio
- CoreTypes now flags .ibplugin and .url as unsafe, so the user will be alerted and the object will not be launched automatically
- CUPS and curl have been improved through better handling of null characters, validation improvements and setuid directory handling
- Cyrus IMAP authentication is improved with better bounds checking
- A Disk Image flaw and a memory corruption issue are addressed with bounds checking and better handling of package types for internet-enabled disk images
- iChat Server issues have been addressed through memory management, reference tracking and improved SASL negotiation
- ImageIO and ImageRAW are improved by better memory initialization, bounds checking and validation of images
- OS Services has improved privilege management
- MailMan and Mail have been updated
- MySQL is updated to version 5.0.88
- QuickTime has been updated to address various vulnerabilities
- vim, X11 and xar have all been updated or improved
- Wiki Server web SACL does not override service ACL (10.5.x only)
Needless to say, Apple has been busy patching holes in a variety of packages and components.
Article originally appeared on magmatic.com (http://www.magmatic.com/).
See website for complete article licensing information.