The third ’06 security update for Mac OS X has been released.
This update fixes 25 separate vulnerabilities, including several issues related to zipped files and image files that were also reported by Tom Ferris.
The original security advisory from Apple is located at
Exploitation of many of the issues may lead to arbitrary code execution.
Security Update 2006-001 – 15 issues
Security Update 2006-002 – 3 issues
Security Update 2006-003 – 25 issues
From the SANS Top 20 Spring Update:
2006 Spring Update on SANS Top 20 Internet Security Vulnerabilities Shows Marked Increase in Zero-Day Attacks and Growth in Attacks on Apple OS/X
It’s time to visit the Apple Downloads site or use your Software Update feature.
UPDATE: I forgot to include a link to McAfee’s new white paper The New Apple of Malware’s Eye: Is Mac OS X the Next Windows? [PDF document, 6 p.]
UPDATE #2: According to Ferris’s new posting, ‘All of the Safari flaws within the Apple OS X Safari 2.0.3 Multiple Vulnerabilities advisory are still unpatched’. Additionally, ‘The core issue “ReadBMP ()” .bmp Heap Overflow has not been fixed’.