NOTE: these updates may be easily be installed by choosing "About this Mac" from the Apple menu and clicking on the "Software Update..." button.

Apple Mac OS X Bulletins (APPLE-SA-2004-08-09)

Yesterday, two bulletins were released by Apple. The first bulletin involved the libpng (Portable Network Graphics) vulnerability that has been in numerous patches in the Unix and Linux world in the past 2 weeks. The Mac OS X CoreGraphics and AppKit frameworks have been updated to protect against the flaws in the reference library. The software update is available for these versions of OS X:

* Mac OS X v10.3.4 "Panther" * Mac OS X Server v10.3.4 "Panther" * Mac OS X v10.2.8 "Jaguar" * Mac OS X Server v10.2.8 "Jaguar"

The second bulletin announced the availability of Mac OS X v 10.3.5. The new version of OS X includes the patch for libpng, and also includes security updates for the Safari Web Browser and the TCP/IP stack (the rose fragmentation attack).

For more information on either of these, please see the following URLs: http://docs.info.apple.com/article.html?artnum=61798 http://www.apple.com/support/downloads/