Jun 30 2008
Apple released a Mac OS X update today, bring us up to 10.5.4. This update is available in Update and Combo Update flavors for Mac OS X 10.5 and Mac OS X 10.5 Server (gory details after the “read more”):
- Mac OS X 10.5.4 Combo Update
- Mac OS X 10.5.4 Update
- Mac OS X Server 10.5.4
- Mac OS X Server Combo 10.5.4
Publishing pros will be happy to know that the 10.5.4 update includes fixes that help it play nicely with Adobe Creative Suite apps like InDesign and Photoshop. As noted by Adobe’s Tim Cole on his blog:
Apple’s 10.5.4 update contains more fixes for the Nav Services crash problem that manifests itself most frequently in InDesign. It also contains a fix for the file corruption problem that occurs when saving files to a remote server.
In addition, Apple also issued Security Update 2008-004 and Security Update 2008-004 Server in Intel and PPC varieties (gory details for this also after the “read more”)
- Security Update 2008-004 (PPC)
- Security Update 2008-004 (Intel)
- Security Update 2008-004 Server (PPC)
- Security Update 2008-004 Server (Intel)
Mac OS X 10.5.4 update info:
- Includes recent Apple security updates.
- Resolves an issue with saving and reopening Adobe Creative Suite 3 ﬁles on a remote server.
- Includes additional RAW image support for several cameras.
- Addresses an issue that may result in a partially installed X11 application.
- Improves L2TP VPN client reliability.
- Addresses AirPort reliability issues with 5GHz networks.
- Addresses AirPort issues that may result in slower performance in Logic Studio or MainStage.
- Improves overall iCal reliability for meeting requests, cancellation notices, delegation, and syncing with iPhone.
- Resolves an issue that prevents deleting an iCal event without notifying the creator.
- Addresses an issue in which events in all calendars affect availability. A checkbox now enables information-only calendars to be transparent from free/busy lookups.
- Resolves a UI issue preventing delegated calendars from showing up as a separate window.
- Addresses an issue with copying and pasting attendees from one event to another.
- Resolves an issue in which iCal may not delete events after a speciﬁed time interval, even when set to do so in iCal preferences.
- Addresses an issue in which To Dos cannot be marked private.
- Addresses a potential performance issue when loading secure web pages.
- Resolves issues that may be encountered when accessing secure web pages with client certificates that reside on a smart card.
Spaces and ExposÃ©
- Addresses an issue in which switching from a space with a Finder window keeps the Finder as the active application instead of the application residing in the destination space.
- Fixes an issue in which dragging an application from the list of application assignments in Spaces System Preferences does not assign the application to the desired space.
- Resolves an ExposÃ© issue that may result in only a subset of windows being shown.
Nasty scenarios fixed by Security Update 2008-004:
- Resolving an alias containing maliciously crafted volume mount information may lead to an unexpected application termination or arbitrary code execution
- Users are not warned before opening certain potentially unsafe content types
- Passing a maliciously crafted string to c++filt may lead to an unexpected application termination or arbitrary code execution
- A person with physical access may be able to bypass the screen lock
- Visiting a maliciously crafted website may lead to arbitrary code execution
- A remote attacker may be able to spoof an authenticated SNMPv3 packet
- Running a Ruby script that uses untrusted input to access strings or arrays may lead to an unexpected application termination or arbitrary code execution
- If WEBRick is running, a remote attacker may be able to access files protected by WEBrick’s :NondisclosureName option
SMB File Server
- A remote attacker may be able to cause an unexpected application termination or arbitrary code execution
- A local user may be able to execute arbitrary code with the privileges of new users
- Multiple vulnerabilities in Tomcat 4.1.36
- Remote attackers may be able to cause an unexpected application termination
- Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution