Apple users it’s time to update your systems again. The new
Mac OS X 10.5.4 updates addresses some 25 vulnerabilities ranging from the
Tomcat application server to the WebKit browser technology.
As Mac’s use a lot of open source technology there are quite a
few updates from open source projects in the 10.5.4 update.
Among the most noticeable are several updates to Ruby for
multiple vulnerabilities.
Impact: Running a Ruby script that uses untrusted input to access strings or
arrays may lead to an unexpected application termination or arbitrary code
executionDescription: Multiple memory corruption issues exist in Ruby’s handling of
strings and arrays, the most serious of which may lead to arbitrary code
execution. This update addresses the issue by performing additional validation
of strings and arrays.
The other issue that is important to note is one that affects WebKit which is the core rendering engine for the Safari web browser.
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Though Apple does not have a “Patch Tuesday” monthly cycle like Microsoft, the 10.5.4 update comes roughly a month after the 10.5.3 update of late May. That’s not to say that Apple is updating on a near monthly basis though as the 10.5.2 update came out in February.