Among the more prominent fixes in the update is one for a bug in Apple Type Services, where downloading a maliciously crafted font file could lead to arbitrary code execution. That bug, originally caught by security firm Core Security, was similar to a vulnerability in Apple’s iOS that allowed hackers to jailbreak devices running that software. Apple patched the flaw in an iOS update
In addition to fixing the font bug, 2010-007 brings an updated version of Adobe’s Flash Player plug-in – numbered 10.1.102.64 – which patches a number of security vulnerabilities, some of which could lead to arbitrary code execution. Patches are also included for a number of holes in QuickTime, Time Machine, Safari RSS, Quick Look, and several of OS X’s other underlying systems.
The Leopard client version of Security Update 2010-007 weighs in at 240.74MB while the server version is 448.10MB. If you’re running an eligible system, the relevant update should appear in Software Update – otherwise you can download it from Apple’s support download website at the links above.