OS X security update defuses PNG exploit
In addition to Mac OS X v10.3.5, Apple on Monday released Security Update 2004-08-09, which corrects a recently identified issue related to a library used to show PNG format graphics. The library is used on several computing platforms and by several applications, including Apple's own Safari Web browser. Apple provided only cursory information with this security update, but indicated that Security Update 2004-08-09 contains an updated libpng library.
The independent security researcher who identified the problem said that under certain circumstances, a hacker could use the exploit to compromise the security of a system through graphical e-mail clients, and Web browsers can be made to crash when viewing affected PNG images. More information about the exploit itself is available online.
The new security update is available for download through the Software Update system preferences pane. If you have already applied the 10.3.5 update to your Mac, you will not see the security update separately -- it's already integrated into Mac OS X v10.3.5.