Apple’s October Update Plugs Holes in XML, PHP, PDF

OS X Security Update Fixes 40 Flaws

Severity: High

9 October, 2008

Summary:

§These vulnerabilities affect: OS X 10.4.x (Tiger) and OS X 10.5.x (Leopard), both client and server versions

§How an attacker exploits them: Multiple vectors of attack, including enticing one of your users into visiting a malicious web site, downloading a malicious document, or subscribing to a malicious RSS feed

§Impact: Various results; in the worst case, attacker executes code on your user’s computer, potentially gaining full control of it

§What to do: OS X administrators should download, test and install Security Update 2008-007