Apple has released Security Update 2010-005. The 84 MB update is available via the software update utility or by direct download here. Once installed, you will need to reboot your Mac. Security issues addressed in the update include:
- Arbitrary code execution due to a maliciously crafted embedded font
- Anonymous TLS/SSL connections that could allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information
- ClamAV on OS X Server
- Unexpected application termination or arbitrary code execution due to maliciously crafted PDF files
- A buffer overflow in PHP’s libpng library which could lead to unexpected application termination or arbitrary code execution due to maliciously crafted PNG files
- Multiple vulnerabilities in PHP 5.3.1
- An issue in the handling of certificate host names that could allow impersonation of domain names (e.g. www.applerelated.con vs www.applereplated.com)
- A buffer overflow in Samba that could allow an unauthenticated remote attacker to cause a denial of service or execute arbitrary code by sending a maliciously crafted packet
For more specifics on the issues, read the Apple security update announcement. Previous updates have been included in this patch, and Apple says it is a recommended update for all users.
