Leopard's A Big Enough Dog To Get Fleas Now
While Security Update 2008-003 targets, Mac OS X v 10.4.11 and Mac Os X Server v 10.4.11, it also incorporates repairs for Mac OS X v 10,5.3, which was also released Wednesday.
Unlike other software companies, Apple doesn't have a fixed rating system that designates vulnerabilities as "critical," however numerous patches in Security Update 2008-003 address errors that could allow a remote attacker to execute malicious code on an affected system.
Altogether, this patch release fixes holes in Apache, AFP Server, AppKit, Apple Pixlet Video, ATS, CFNetwork, CoreFoundation, CoreGraphics, CoreTypes, CUPS, Flash Player Plug-in, Help Viewer, iCal, International Component for Unicode, Image Capture, ImageIO, Kernel, Mail, ruby, Single Sign-On and Wiki Server.
It's a long list of potential problems being addressed, but the most interesting one might be a patch of the handling of embedded fonts on PDF files. The flaw might allow a remote attacker to take control of an entire system if a PDF containing a spoofed font was printed. Consider how clever that is. Is there anyone that clever working for the good guys?