Apple has released OS X 10.5.4 (59 MB via Software Update) to the masses which includes the content of Security Update 2008-04. The update also includes improvements to AirPort reliability and speed, many iCal improvements, two secure surfing improvements to Safari and three Spaces & Exposé bugs.
The Security Update fixes 21 security issues in OS X 10.4 and 14 security issues in OS X 10.5. Fixes for especially nasty bugs include:
- CVE-2008-2309 which adds .xht and .xhtm files to the system’s list of content types that will be flagged as potentially unsafe under certain circumstances, such as when they are downloaded from a web page. While these content types are not automatically launched, if manually opened they could lead to the execution of a malicious payload. This update improves the system’s ability to notify users before handling .xht and .xhtm files.
- CVE-2008-2314 which disables hot corners when the screen lock is active (When the system is set to require a password to wake from sleep or screen saver, and Exposé hot corners are set, a person with physical access may have been able to access the system without entering a password prior to this fix.)
- CVE-2008-0960 which performs better validation of SNMPv3 packets (SNMP can be used to retrieve information about your system).
OS X 10.5.4 can be installed via Software Update or downloaded directly from Apple.
If you have installed any of these updates, drop a note in the comments if you experienced any issues or if you can confirm whether a particular issue you have been seeing has been fixed.