Apple releases security, Java updates
Apple on Thursday released the first security update of 2009, the aptly named Security Update 2009-001. The update, which is available in versions for Leopard, Leopard Server, Tiger for Intel Macs, Tiger for PowerPC-based Macs, Tiger Server for PowerPC-based Macs, and Server Universal addresses a number of flaws in OS X. Security Update 2009-001 is recommended for all users and is available via Apple's site or Software Update.
Among the fixes in Security Update 2009-001 are a patch for the Safari RSS vulnerability demonstrated by developer Brian Mastenbrook last January. Also fixed were a denial of service vulnerability in AFP server, a flaw in CoreText that could allow maliciously crafted Unicode content to execute arbitrary code, and a security hole that could let other local users access a user’s Downloads folder, and several other vulnerabilities.
In addition, Apple also posted two Java updates: Java for Mac OS X 10.5 Update 3 and Java for Mac OS X 10.4, Release 8. Both updates are said to “address security and compatibility issues” and are compatible with both Intel and PowerPC-based Macs.