October 9, 2008 5:00 PM PDT
Security Update 2008-007 for Leopard and Tiger released
Apple has released Security Update 2008-007 for both Leopard (Mac OS X 10.5.5) and Tiger (Mac OS X 10.4.11). The new release is available via Software Update or the following download links:
- Security Update 2008-007 Server (Universal) [199MB]
- Security Update 2008-007 Server (PPC) [123MB]
- Security Update 2008-007 Client (PPC) [70MB]
- Security Update 2008-007 Client (Intel) [161MB]
- Security Update 2008-007 Server (Leopard) [125MB]
- Security Update 2008-007 Client (Leopard) [31.MB]
Among the security enhancements in this release:
- Finder "A maliciously crafted file on the Desktop which causes Finder to unexpectedly terminate when generating its icon will cause Finder to continually terminate and restart. Until the file is removed, the user account is not accessible via Finder's user interface. This update addresses the issue by generating icons in a separate process. This issue does not affect systems prior to Mac OS X v10.5. Credit to Sergio 'shadown' Alvarez of n.runs AG for reporting this issue."
- QuickLook "A signedness issue in QuickLook's handling of columns in Microsoft Excel files may result in an out-of-bounds memory access. Downloading or viewing a maliciously crafted Microsoft Excel file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of Microsoft Excel files. This issue does not affect systems prior to Mac OS X v10.5. Credit: Apple."
- Network "A heap buffer overflow exists in the local IPC component of configd's EAPOLController plugin, which may allow a local user to obtain system privileges. This update addresses the issue through improved bounds checking. Credit: Apple."
For a full list of enhancements, see this document.
If you are having problems after the update, please let us know.
Anyone?
dsf
This change is apparently a response to a security vulnerability but rather than fix the vulnerability, Apple chose to "fix" it by blocking access.
Fortunately, it's easy to restore external access as all the update does is look in /etc/postfix/main.cf and change any definitions of inet_interfaces to localhost. To restore functionality, change the last definition of inet_interfaces back to "all" and stop and restart postfix. If you're advanced enough to run your own mail server, then you should be advanced enough to know how to use Terminal and your favorite text editor (such as vi or emacs) to edit the file.
- by jojodang April 1, 2009 9:04 PM PDT
- DPG Converter
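The comment above turns on which `inet_interfaces` definition in `/etc/postfix/main.cf` is in effect. As an added example (not part of the original post or of Apple's update), this shell sketch reports the last definition, honoring comments and continuation lines, and flags whether it reaches beyond loopback. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the sample
# file contents are constructed for illustration.

# Print the inet_interfaces value in effect for a main.cf: the last
# definition, with continuation lines joined. Falls back to "all", the
# upstream Postfix default, when the parameter is never set.
effective_inet_interfaces() {
    awk '
        /^[ \t]*#/ { next }    # comment lines are ignored
        /^[ \t]*$/ { next }    # so are blank lines
        /^[ \t]/   { if (inparam) val = val " " $0; next }   # continuation
        {
            inparam = 0
            if (match($0, /^inet_interfaces[ \t]*=/)) {
                val = substr($0, RLENGTH + 1); inparam = 1; found = 1
            }
        }
        END {
            if (!found) val = "all"
            gsub(/[ \t]+/, " ", val); sub(/^ /, "", val); sub(/ $/, "", val)
            print val
        }
    ' "$1"
}

# Exit status 0 when any listed interface is something other than loopback.
listens_beyond_loopback() {
    effective_inet_interfaces "$1" | tr ', ' '\n\n' | grep -v '^$' |
        grep -qvxE 'localhost|loopback-only|127\.0\.0\.1|\[::1\]'
}

# Constructed sample: an earlier "all" overridden by a later "localhost".
sample=$(mktemp)
cat > "$sample" <<'EOF'
myhostname = mail.example.com
inet_interfaces = all
mynetworks = 127.0.0.0/8
inet_interfaces = localhost
EOF

echo "effective inet_interfaces: $(effective_inet_interfaces "$sample")"
if listens_beyond_loopback "$sample"; then
    echo "postfix listens beyond loopback"
else
    echo "postfix is loopback-only"
fi
```

On a live system, `postconf inet_interfaces` prints the value Postfix itself resolves, which is the authoritative check after any edit.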