Security Update 2010-007 patches Mac OS X 10.5

Apple on Wednesday released Security Update 2010-007, bringing the same security patches included in the recent Mac OS X 10.6.5 release to Macs running 10.5 Leopard client or server versions.

Among the more prominent fixes included in the update is a fix for a bug in Apple Type Services which could allow the downloading of a maliciously crafted font file to lead to arbitrary code execution. That bug, originally caught by security firm Core Security, was similar to a vulnerability in Apple’s iOS that allowed hackers to jailbreak devices running that software. Apple patched the flaw in an iOS update

In addition to fixing the font bug, 2010-007 brings an updated version of Adobe’s Flash Player plug-in—numbered 10.1.102.64—which patches a number of security vulnerabilities, some of which could lead to arbitrary code execution. Patches are also included for a number of holes in QuickTime, Time Machine, Safari RSS, Quick Look, and several of OS X’s other underlying systems.

The Leopard client version of Security Update 2010-007 weighs in at 240.74MB while the server version is 448.10MB. If you’re running an eligible system, the relevant update should appear in Software Update—otherwise you can download them from Apple’s support download Website at the links above.

At a Glance
  • Macworld Rating

    Read the full review

    MSRP: $129 (5-user family pack, $199)

    Pros

    • Addresses numerous shortcomings from previous OS versions
    • Easy backup tools
    • Major improvements in included applications
    • Improved security and networking functions

    Cons

    • Some bugs in Spaces window behavior
    • Illegible menu items with some Desktop backgrounds
    • Stacks and Dock features seem poorly thought out

Subscribe to the Best of Macworld Newsletter

Comments