Apple has released its fifth Mac OS X security update of 2007 to patch a number of potential vulnerabilities. Security Update 2007-005 [1] makes changes to CoreGraphics, iChat, VPN, BIND, crontabs, PPP, and other components, in most cases correcting problems that require either local user access or access to the Mac via a local network. However, several fixes are more important. An update to BIND prevents a possible remote denial of service attack (but because it reportedly overwrites the BIND launchd plist file, it may both turn BIND off and cause other changes to be lost, a potential problem for Mac OS X Server machines), a new version of fetchmail prevents possible disclosure of passwords, and a fix for CoreGraphics in Mac OS X 10.4 provides additional verification of PDF files to avoid possible crashes when opening maliciously crafted PDFs. The update is available via Software Update or for download in four varieties: for Mac OS X 10.4.9 as Universal (29.2 MB) [2] and PowerPC (15.7 MB) [3] installers; and for Mac OS X 10.3.9 Client (42.5 MB) [4] and Server (56 MB) [5] systems.

[1]: http://docs.info.apple.com/article.html?artnum=305530
[2]: http://www.apple.com/support/downloads/securityupdate2007005universal.html
[3]: http://www.apple.com/support/downloads/securityupdate2007005ppc.html
[4]: http://www.apple.com/support/downloads/securityupdate20070051039client.html
[5]: http://www.apple.com/support/downloads/securityupdate20070051039server.html

Permanent article URL: http://db.tidbits.com/article/9005
This is a specially formatted version of this TidBITS article that removes colors, and optionally removes images; it's designed to minimize the use of ink and paper.
Unless otherwise noted, this article is copyright © 2007 TidBITS Publishing, Inc.. TidBITS is copyright © 2008 TidBITS Publishing Inc. Reuse governed by this Creative Commons License: http://www.tidbits.com/terms/.