Security Update 2008-001 (for Mac OS X 10.4.11, 10.5.1)

10.5.2's security enhancements for older systems.

CNET staff

[Tuesday, February 12th]

Apple has released Security Update 2008-001 in PowerPC and Intel editions. This update is not required if you have already updated to Mac OS X 10.5.2 -- 10.5.2 includes the same security refinements.

  • "An application removed from the system may still be launched via the Time Machine backup: Launch Services is an API to open applications or their document files or URLs in a way similar to the Finder or the Dock. Users expect that uninstalling an application from their system will prevent it from being launched. However, when an application has been uninstalled from the system, Launch Services may allow it to be launched if it is present in a Time Machine backup. This update addresses the issue by not allowing applications to be launched directly from a Time Machine backup. This issue does not affect systems prior to Mac OS X v10.5.
  • Mail: Accessing a URL in a message may lead to arbitrary code execution: An implementation issue exists in Mail's handling of file:// URLs, which may allow arbitrary applications to be launched without warning when a user clicks a URL in a message. This update addresses the issue by displaying the location of the file in Finder rather than launching it. This issue does not affect systems running Mac OS X v10.5 or later.
  • Viewing a maliciously crafted web page may lead to arbitrary code execution: An input validation issue exists in the processing of URL schemes handled by Terminal.app. By enticing a user to visit a maliciously crafted web page, an attacker may cause an application to be launched with controlled command line arguments, which may lead to arbitrary code execution. This update addresses the issue through improved validation of URLs. Credit to Olli Leppanen of Digital Film Finland and Brian Mastenbrook for reporting this issue.
  • X11: Multiple vulnerabilities exist in X11 X Font Server (XFS) 1.0.4. Description: Multiple vulnerabilities in X11 X Font Server (XFS), the most serious of which may lead to arbitrary code execution. This update addresses the issue by updating to version 1.0.5."

The new release is available through Software Update or via the following download links:

For a full list of security enhancements, see Apple knowledge base article #307430.

Feedback? Late-breakers@macfixit.com.

Resources

  • Security Update 2008-001 (PPC) [16.7MB]
  • Security Update 2008-001 (Intel) [28.8MB]