Apple on Wednesday released Security Update 2010-007, bringing the same security patches included in the recent Mac OS X 10.6.5 release to Macs running 10.5 Leopard client or server versions.
Among the more prominent fixes included in the update is a fix for a bug in Apple Type Services which could allow the downloading of a maliciously crafted font file to lead to arbitrary code execution. That bug, originally caught by security firm Core Security, was similar to a vulnerability in Apple’s iOS that allowed hackers to jailbreak devices running that software. Apple patched the flaw in an iOS update
In addition to fixing the font bug, 2010-007 brings an updated version of Adobe’s Flash Player plug-in—numbered 10.1.102.64—which patches a number of security vulnerabilities, some of which could lead to arbitrary code execution. Patches are also included for a number of holes in QuickTime, Time Machine, Safari RSS, Quick Look, and several of OS X’s other underlying systems.
The Leopard client version of Security Update 2010-007 weighs in at 240.74MB while the server version is 448.10MB. If you’re running an eligible system, the relevant update should appear in Software Update—otherwise you can download them from Apple’s support download Website at the links above.