Apple has released an update to its Snow Leopard operating system (OS), fixing 39 bugs. This move is in preparation for Apple’s impending upgrade to its new Lion OS, which is slated to ship next month.
Update 10.6.8 includes patches for Snow Leopard and Snow Leopard Server. A security-only patch was also released for Mac OS X 10.5, aka Leopard that addresses over 13 vulnerabilities. The update is expected to provide general OS fixes that enhance OS X’s stability, compatibility, and security.
Five security bugs have been fixed in QuickTime’s image viewing component, which could be exploited for executing arbitrary codes. In addition, update 10.6.8 has improved support for IPv6 and VPNs, as well as fixes stability issues with Preview. The update includes patches for security vulnerabilities in Airport, ColorSync, ATS (Apple Type Services), and CoreGraphics, which may allow an attacker to execute arbitrary code on the victim’s machine. Security holes have been patched in Apple’s MobileMe client.
Apple has fixed an error handling issue with OS X’s Certificate Trust Policy, which accepted revoked extended validity digital certificates as valid, if no online certificate status protocol URL was specified. Eight distinct remote code execution flaws in Apple’s MySQL implementation on OS X Server and five in its OpenSSL implementation have been patched.
Apple has also added enhancements to App Store in preparation for the release of the Lion OS. The new OS is expected to be a Web-only, disk-less release. Lion will be available as an upgrade only for Snow Leopard.
As per Apple’s policy, this is expected to be the last non-security update for Snow Leopard, which will receive security-only patches after the release of OS X 10.7 or Lion. Support for Leopard is expected to be discontinued this year.
Apple recommends that all users running Snow Leopard update to v10.6.8, which is available on Apple’s support page or through OS X’s inbuilt software update utility. More information about the update can be found on Apple’s knowledgebase . Information about the security details of the update can be found here.