Apple has released a new security update, 2010-005. Four versions of the file are available, directed at the regular and Server editions of Leopard and Snow Leopard. Several vulnerabilities are fixed including ones with maliciously crafted fonts and PDF files, as well as remote attacks linked to the Samba cross-platform networking protocol.
Changes unique to Snow Leopard address a man-in-the-middle attack — used to steal credentials or direct connections — and flaws in PHP, which can for instance permit malicious PNG images. PHP itself has been updated to v5.3.2. Limited to the Server software are corrections in ClamAV, made possible by an upgrade of the latter to v0.96.1.
The client and server Snow Leopard downloads are 80.63MB and 136.86MB. For Leopard the files sizes are 211.88MB and 418.92MB. These can be downloaded directly or through the Software Update feature.
