Apple on Monday released Mac OS X 10.5.4, which addresses operating system and application performance issues and fixes 25 security vulnerabilities.
The update, available from Apple's Web site and through the Mac OS X Software Update control panel, resolves problems with saving and reopening Adobe Creative Suite 3 files on a remote server, adds RAW image support for several cameras, addresses a potential X11 installation issue, and improves L2TP VPN client reliability.
The update also improves the reliability of Apple's wireless AirPort hardware with 5-GHz networks and certain music applications. It improves iCal syncing and fixes several other iCal issues. It resolves potential Safari performance issues when loading secure Web pages and when accessing secure Web pages with client certificates that reside on a smart card.
In addition, the update fixes several Spaces and Expose bugs.
The security portion of the update affects the following operating system components: Alias Manager, CoreTypes, c++filt, Dock, Launch Services, Net-SNMP, Ruby, SMB File Server, System Configuration, Tomcat, VPN, and WebKit.
Nine of the 25 vulnerabilities addressed affect the Tomcat 4.1.36, which comes bundled with Mac OS X v10.4.11 systems. The fixed version of Tomcat is now 4.1.37. Mac OS X 10.5 comes with Tomcat version 6.x and thus it not affected.
Six of the 25 vulnerabilities affect the Ruby programming language. "Multiple memory corruption issues exist in Ruby's handling of strings and arrays, the most serious of which may lead to arbitrary code execution," Apple explains. "This update addresses the issue by performing additional validation of strings and arrays." One Ruby fix addresses a vulnerability related to the way Ruby's WEBrick toolkit handles capitalization.
The Alias Manager, Launch Services, and System Configuration issues are specific to Mac OS X v10.4.11 and Mac OS X Server v10.4.11. They do not affect Mac OS X 10.5.
The Dock fix closes a vulnerability that could have allowed a person with physical access to a Mac protected by a screen saver password or wake-from-sleep password to bypass the password screen if Expose hot corners happened to be active.