OS X 10.5.4 Released To The Wild + Other Apple Updates

Apple has released OS X 10.5.4 (59 MB via Software Update) to the masses. The release includes the content of Security Update 2008-04, along with improvements to AirPort reliability and speed, many iCal improvements, two secure surfing improvements to Safari, and fixes for three Spaces & Exposé bugs.

The Security Update fixes 21 security issues in OS X 10.4 and 14 security issues in OS X 10.5. Fixes for especially nasty bugs include:

  • CVE-2008-2309 which adds .xht and .xhtm files to the system’s list of content types that will be flagged as potentially unsafe under certain circumstances, such as when they are downloaded from a web page. While these content types are not automatically launched, if manually opened they could lead to the execution of a malicious payload. This update improves the system’s ability to notify users before handling .xht and .xhtm files.
  • CVE-2008-2314 which disables hot corners when the screen lock is active. (Prior to this fix, when the system was set to require a password to wake from sleep or screen saver and Exposé hot corners were set, a person with physical access may have been able to access the system without entering a password.)
  • CVE-2008-0960 which performs better validation of SNMPv3 packets (SNMP can be used to retrieve information about your system).

OS X 10.5.4 can be installed via Software Update or downloaded directly from Apple.

Users still running OS X 10.4.11 can, along with the Security Update, also look forward to a Safari 3.1.2 update, which fixes a security issue (CVE-2008-2307): a memory corruption bug in WebKit’s handling of JavaScript arrays. Without the patch, users who visit a maliciously crafted website may see unexpected application terminations or be vulnerable to arbitrary code execution. Apple engineers improved bounds checking to fix the problem.

If you have installed any of these updates, drop a note in the comments if you experienced any issues or if you can confirm whether a particular issue you have been seeing has been fixed.