Apple has released a security update - 2004-09-07.

This update is available for Mac OS X 10.3.4, 10.3.5 and 10.2.8 systems, and their server equivalents.

In keeping with a recent Apple promise to become more transparent in dealing with its updates, the company has released extensive notes detailing what the individual components of update do.

Apple recommends the update for all Mac users. It includes numerous components: CoreFoundation; IPSec; Kerberos; libpcap; lukemftpd; NetworkConfig; OpenLDAP; OpenSSH; PPPDialer; rsync; Safari; tcpdump.

The Kerberos and IPSec fixes mend a number of recently-reported vulnerabilities, for example: multiple buffer overflows in Kerberos could let remote attackers execute arbitrary code. Apple has disabled a feature that could permit this.

The update also introduces Apache 2.0.50, which fixes a number of denial of service vulnerabilities. This update is only part of Mac OS X Server.