In association with heise online

13 May 2009, 10:14

Mac OS X 10.5.7 available

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Apple has released Mac OS X 10.5.7, implementing several improvements and closing 46 security holes. The changes include improved video playback and cursor movements for recent Macs with NVIDIA graphics cards, support for more cameras and their RAW image files and the latest security fixes.

Apple recommends that users update Mac OS X versions 10.5 to 10.5.6. The delta update (286MB on a Mac with Intel graphics, 449MB on a Mac with NVIDIA GeForce 9400M) can be used for updating from Mac OS X 10.5.6 to 10.5.7. The combo update allows users to update from Mac OS X 10.5, 10.5.1, 10.5.2, 10.5.3, 10.5.4, 10.5.5 or 10.5.6 to 10.5.7, although it does weigh in at over 700MB.

The 46 holes closed in the update include cross-site scripting vulnerabilities in Apache, buffer overflows in the Safari browser and vulnerabilities in X11, the X Window System. According to Apple, several of the holes can be exploited to inject and execute arbitrary code. In some cases, this involves opening specially crafted documents, while in others a simple visit to a malformed web page is all that's required. Many of the holes were closed weeks ago in the regular versions of the open source applications used by Apple.

Mac OS X 10.4.11 (Tiger) users can download separate security updates for Intel systems and PowerPC computers. Safari, Apple's web browser built on the open source WebKit browser engine, has also been updated to address several security issues. Safari 3.2.3 and the new Safari 4 Public Beta patch a heap buffer overflow in libxml's handling of long entity names, a vulnerability in the handling of "feed:" URLs that could lead to execution of arbitrary JavaScript and a memory corruption issue in the handling of SVGList objects. The Safari updates are available for Mac OS X 10.4.11, 10.5.7, Windows XP and Vista.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit