Apple unleashes Leopard and Tiger updates

Apple unleashes Leopard and Tiger updates

Eleven security fixes included

Apple has released its second update for Mac OS X Leopard, providing stability and performance updates and fixes for eight security flaws.

Mac OS 10.4 Tiger also received a security update, getting five patches of its own.

Apple fixed stability and performance problems in Leopard's Airport, Finder and Parental Control components, and updated the Leopard versions of iChat, Mail and Time Machine.

Among the security issues is a flaw in Leopard which could allow an attacker to use a malformed URL in Safari to remotely execute code on a user's system. Previous versions of Mac OS are not affected by the flaw.

Other fixes include remote code execution vulnerabilities in NFS, NetBios and Terminal, along with an information disclosure flaw in the parental controls feature.

The update also fixes an issue in Time Machine which could allow deleted programs to be relaunched via a previous system back-up.

Tiger-specific flaws include a remote code execution vulnerability in Mail and a flaw in Tiger's directory services component which could allow an attacker to run code with no restrictions.

The Leopard 10.5.2 update and the Tiger security update can be installed via Apple's System Update utility or Apple Downloads site.