Apple has released a security update for users of Mac OS X 10.5 Leopard and 10.6 Snow Leopard.
Security Update 2010-003 for Snow Leopard, Leopard Client, and Leopard Server fixes exactly one vulnerability: the potential execution of arbitrary code when viewing or even just downloading a document with a maliciously-crafted embedded font.
In Apple’s knowledge base document on the update, the company credits security researcher Charlie Miller for the find. Miller has won the annual Pwn2Own contest by taking over Macs three years in a row. Last year, he also discovered a rather nasty SMS vulnerability that could allow a malicious hacker to install and run unsigned code on an iPhone, complete with root access.
The Security Update 2010-003 for Snow Leopard weighs in at 6.5MB and requires Mac OS X 10.6.3 or later; the 219MB Leopard client and 379MB server versions require Mac OS X 10.5.8 and Mac OS X Server 10.5.8 respectively.
iMac firmware updates
Owners of 27-inch iMacs will want to fire up Software Update, as Apple on Wednesday released a pair of updates for its top-of-the-line consumer desktops: 27-inch iMac EFI FW Update 1.0 and 27-inch iMac SMC Firmware Update 1.0.
The 2.1MB EFI update applies only to those users of 27-inch iMacs powered by the quad-core Intel Core i5 and Core i7 processors: it fixes a problem that caused the process to ramp up while playing audio through the headphone jack and corrects an issue that resulted in the display backlight not turning on when the iMac was powered on. It requires Mac OS X 10.6.3 or later.
The comparatively tiny 397KB SMC Firmware Update addresses compatibility issues with Target Display Mode — that’s the feature that allows you to use an iMac as an external monitor. It also requires Mac OS X 10.6.3 or later.
Both iMac updates are available from Apple’s support downloads page as well as via Software Update.
But wait, there’s more…
For any early MacBook Pro adopters rocking the new i5 or i7 models just released, there is also a software update for you! It contains improvements for graphics stability and other bug fixes. Get it from the Apple support page.