Apple has released Security Update 2008-04 for users of Mac OS X 10.4 Tiger, addressing several issues with the operating system. This update is only for Tiger users; Leopard users received this update as part of the 10.5.4 update released on Monday.
A fix has been made to the Alias Manager that would allow maliciously crafted volume mount information to arbitrarily execute code or lead to application termination. CoreTypes has been updated fixing an issue where users are not warned before opening certain potentially unsafe content types.
If a system requires a password to wake from sleep and Exposé hot corners are enabled, it was possible to access the system without the password.The person would need physical access to the machine to bypass the screen lock – this issue has been fixed.
A problem has been fixed when visiting a maliciously crafted website with “Open Safe Files” enabled in Safari could lead to a file to be opened on the user’s system, resulting in arbitrary code execution.
A couple of issues running Ruby on Mac OS X leading to arbitrary code execution have also been fixed.
A memory corruption issue exists in WebKit’s handling of JavaScript arrays. Apple fixed this problem by improving bounds checking. WebKit is the basis for Apple’s Safari Web browser.
Issues have also been fixed with VPN, Tomcat, System Configuration and SMB File Server.
The are several versions of the update available — one for PowerPC, one for Intel, Server (PPC) and Server (Intel).