FMEO News Update: Security Update 2010-005

The hazards of releasing FMEO a day earlier than normal!

Apple released a big security update late yesterday afternoon dubbed Security Update 2010-005.

The 81MB update for Snow Leopard (212MB for Leopard!) contains several important fixes to improve your Mac’s security.

These updates include:

  • A CoreGraphics patch to close the potential malicious PDF exploit in Preview.
  • Additional packet inspection to help prevent denial of service exploits in Samba.
  • PHP updated to 5.3.2 to close several security holes in 5.3.1.
  • Apple Type Services (ATS) has improved bounds checking to protect against documents containing maliciously crafted fonts.
  • Anonymous TLS/SSL connections are now disabled to help protect against “man in the middle” attacks.
  • Improved handling of Certificate Host Names in libsecurity, and the update also includes an update to ClamAV for OS X Server to close known security vulnerabilities.

Security Update 2010-005 can be downloaded for Leopard Client and Server as well as Snow Leopard Client and Server via Software Update or can be downloaded directly from Apple’s support site using the links below:

> UPDATE: Security Update 2010-005 for Leopard Client / Server
> UPDATE: Security Update 2010-005 for Snow Leopard Client / Server

Mike