Apple releases Mac OS X 10.5.8
Apple has released Mac OS X 10.5.8, fixing several bugs and security vulnerabilities. The changes in the release address problems with Bluetooth, AirPort networking and a resolution issue in the Displays System Preferences. The update also includes improved support for some external USB devices and better RAW image file support. In addition to various compatibility and reliability improvements, 10.5.8 closes 18 security vulnerabilities.
The update fixes several issues related to maliciously crafted image files, including PNG, Canon RAW and OpenEXR image file formats, that could lead to heap overflows in the ColorSync, Image RAW and ImageIO components. According to Apple, several of the holes can be exploited by an attacker to inject and execute arbitrary code. The update also fixes vulnerabilities in the Kernel related to system privileges, in networking, in bzip2 and in the log-in window. Additionally, Apple notes that 10.5.8 includes Safari 4.0.2, which recently addressed two vulnerabilities in the WebKit browser engine, for users who haven't updated yet.
All users are advised to update using the Software Update service from the Apple Menu or by using a stand alone installer. Mac OS X 10.5.8 is available to download as a Combo Update (759 MB) to upgrade any version of OS X 10.5 Leopard or as a delta update (274 MB) to upgrade from 10.5.7.
- About the security content of Security Update 2009-003 / Mac OS X v10.5.8, security advisory from Apple.