Apple has released an essential security update for Mac OS X.
The update protects systems against ten identified vulnerabilities, including patches to protect them against recently disclosed malware such as the well-known Leap-A trojan.
Apple says 'update now'
Apple recommends all Mac users should install the update, which is available through Software Update and also from Apple's support website.
Apple explained its reticence to discuss recent identified security flaws, saying: "For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available."
Versions of the update - Security Update 2006-001 - are available for PowerPC and Intel-based Macs running Mac OS X 10.4.5 and also for client and server systems running Mac OS X 10.3.9.
Leap-A anxiety addressed
The company describes its measures to protect against the Leap-A trojan, which self-replicates using iChat, as follows: "A malicious application named Leap-A that attempts to propagate using iChat has been detected. With this update, iChat now uses Download Validation to warn of unknown or unsafe file types during file transfers."
Safari is safe again
Safari has seen its security shored up in several areas.
A flaw in which malicious people could disguise an application as a file which appears to be safe, such as an image or movie, has also been repaired. This flaw threatened users who had the "Open 'safe' files after downloading" option enabled. If they visited a site offering such a file, they would be able to inadvertently download the application which would then run and potentially cause problems.
"This update addresses the issue by performing additional download validation so that the user is warned (in Mac OS X 10.4.5) or the download is not automatically opened (in Mac OS X 10.3.9)," Apple explained.
Mail and more
Mail has also been updated in order that its Download Validation feature is able to check files more thoroughly for problems when an email attachment is double-clicked.
Additional repairs have been made to a number of system components, including: apache_mod_php; automount; Bom; Directory Services; IPSec; LaunchServices; LibSystem; loginwindow; OpenSSH; rsync and Syndication.