Apple updates Snow Leopard, fixes 69 flaws

apple logo

Apple's latest update to its Leopard and Snow Leopard operating systems brings with it a total of 69 security fixes many of them labelled as critical.

The company rolled out Mac OS X 10.6.3 yesterday, and with it issued Security Update 2010-002 for existing users of both client and server versions of OS X 10.6 Snow Leopard and OS X 10.5 Leopard. The security update is already incorporated in OS X 10.6.3.

According to the release notes, 69 security-related changes have been made in total across the various versions of the OS.

QuickTime alone is responsible for nine of the fixes, including addressing a heap buffer overflow in the program's handling of movies encoded in H.263, H.261, RLE, M-JPEG, FLC and MPEG formats, and dealing with memory corruptions in QuickTime's handling of H.264 and Sorenson movie files.

Many of the other security fixes to Snow Leopard apply solely to server-related components such as Wiki Server, Apache and iChat Server.

Separate patches are included for many of the open-source and UNIX components in Mac OS X, including PHP, MySQL and Ruby.

In addition to the QuickTime fixes for issues that could leave the door open for maliciously crafted movie files, CoreImage and ImageIO fixes beef up the OS' defences against malicious image files.

Aside from the security fixes, OS 10.6.3 brings with it a number of usability and performance tweaks too.

Users should see improved wireless networking performance including better Wi-Fi security, fixes for sleep/wake issues when connected with Wi-Fi and better wireless Time Machine backups to a Time Capsule.

The update also improves compatibility with OpenGL-based applications, boosts printing reliability and reliability of third-party USB input devices, resolves issues with recurring events in iCal when connected to an Exchange server.

Apple has also adjusted its Crash Reporter mechanism for reporting application and system crashes. When clicking on the Send to Apple button, not only will the system now send Crash Reporter state data, but also information on the applications and hardware devices connected to your Mac as well as recent system log info.

This simply automates the sending of information which is requested by Apple anyway when it follows up a crash report, with the company insisting it is completely anonymous.

Apple has issued detailed release notes on both the OS X 10.6.3 update and Security Update 2010-002, which include instructions for downloading and installing the updates.