The security update, Apple's seventh of the year, fixes flaws in its own operating system code as well as in several third-party applications and components bundled with Mac OS X. Among the former are three bugs in the OS's font rendering system and four in its security framework. Third-party problems range from a bug in the ClamAV antivirus protection included with the server edition of Mac OS X to a flaw in Samba, an open-source system of file- and print-sharing services for Microsoft Windows.
Unlike Microsoft and other vendors, Apple doesn't rank or rate the vulnerabilities it patches. But about two-thirds of the bugs could result in what Apple called "arbitrary code execution," which means an attacker could, with a working exploit, completely compromise and hijack an unpatched Mac.
A fix for the AirPort wireless driver in a number of older Mac machines (eMac, iBook, iMac, PowerBook G3, PowerBook G4, and Power Mac G4 systems) was one of the most prominent, as the flaw it addresses led off the well-publicized "Month of Kernel Bugs" campaign. In September, Apple patched several other wireless vulnerabilities after an internal audit prompted by news the previous month that researchers had uncovered flaws in the company's wireless software.
Eight other Mac OS X vulnerabilities disclosed by the bug-a-day project weren't patched by the Tuesday update. At least one has been labeled as "highly critical" by Danish vulnerability tracker Secunia.
Security Update 2006-007 is available in versions for Mac OS X clients and servers in separate editions for Intel- and PowerPC-equipped systems. The 11-Mbyte to 46-Mbyte update can be retrieved via Mac OS X's integrated software update feature or downloaded manually from the Apple site.