Security Update 2009-001
Apple has released Security Update 2009-001 via Software Update. The update includes a number of bug fixes and addresses several security issues. Most notably, it fixes the Safari RSS vulnerability discovered by Brian Mastenbrook and reported last month. You might remember that the vulnerability could allow a malicious RSS feed to include JavaScript that could potentially enable malicious local exploits on a user's Mac. Most of the other fixes have to do with more geeky tools that the average user isn't even aware of (Perl, Python, fetchmail, CUPS, etc.). A fair number of the fixes are for possible-to-exploit issues that aren't yet live "in the field," but that researchers and security experts have identified as vulnerabilities. You can read the full details here. The update is available in versions for Leopard, Leopard Server, Tiger PPC, Tiger Intel, Tiger Server Universal, and Tiger Server PPC.
Apple has also released an update to Java, for both Tiger and Leopard, and a new version of the Safari Web browser for Windows as well as the OS X version. Mac users can of course get the new version of Safari with the other updates, via Software Update (look under the Apple menu). You can also download the security update directly from Apple Downloads here. If you've done non-standard things to your Mac's operating system, as always, be cautious in applying system updates. If you're a Windows user who wants to use your Apple iDisk and sync via MobileMe, you might want to download the Windows MobileMe control panel from Apple here.











