Apple managed to sneak a few security updates in at the tail end of December, and Security Update 2007-09 adds 41 to the CVE totals for OS X in general, with 31 for 10.4 (Tiger), and only 20 for OS X 10.5 (Leopard). This is in addition to the Java and QuickTime updates released on December 13, 2007.
Windows users need to pay Apple’s security site a visit as well if you’re using Safari (all three of you).
Given the unexpected, end-of-year, full-on security patch release and the disparity between the number of Leopard security fixes and Tiger security fixes, it looks like it really might be time to bite the bullet and switch if you haven’t already. The miscreants may just be waiting for Leopard to gain further popularity before concentrating efforts, but I suspect that the engineers at Apple did a solid job reviewing and fixing the new operating system before its release (there will always be functional and security bugs in something as large as Darwin/OS X) and the new security components should make it even more difficult for attacks to be successful.
I have two workstations converted and have been pleased (mostly) with the results. I was waiting for Parallels to get their act together before migrating my primary workstation and their recent release seems to have squashed the remaining Leopard bugs (I run both VMware and Parallels and VMware was ready to go far earlier). The upcoming long holiday weekend should provide enough down time to make the switch on the rest of the systems, with the security situation providing even more incentive. (Truth be told, I’m also really interested in being able to take advantage of the fully integrated scripting bridge, but more on that in another post).