Apple patched over 20 bugs in its Leopard operating system this
Monday, when the company released the Mac OS X v10.5.6 security update. Users were
advised to download and install the update immediately. The security update
patches several issues in Mac OS X 10.5.
Among these issues, the update solves a vulnerability that could
lead to denial of service upon viewing or downloading a PDF file containing a maliciously
crafted embedded font. This particular vulnerability only affects v10.5 of Mac
OS X.
Other issues, such as unexpected application termination or
arbitrary code execution resulting from viewing a maliciously crafted image, or
disclosure of user credentials after visiting a maliciously crafted website,
have also been addressed. Safari allows web sites to set cookies for country-specific top-level domains,
which may allow attackers to perform a session fixation attack and hijack user
credentials, Apple explained.
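The cookie-scoping check that this class of bug bypasses can be sketched as follows. This is an added example, not code from Apple or from the article: it applies the RFC 6265 storage rule that a Domain attribute naming a public suffix is rejected, and `PUBLIC_SUFFIXES`, `checkCookieDomain` and the host names are constructed for illustration.

```javascript
// Constructed subset of public suffixes; a real client loads the full Public Suffix List.
const PUBLIC_SUFFIXES = new Set(["com", "org", "uk", "co.uk", "org.uk", "jp", "co.jp"]);

// Lower-case a host or Domain attribute and strip one leading and one trailing dot.
function normalize(name) {
  return name.trim().toLowerCase().replace(/^\./, "").replace(/\.$/, "");
}

// True if host equals domain or is a subdomain of it (host names only, not IP addresses).
function domainMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Decide whether a cookie carrying domainAttr may be stored for a response from requestHost.
function checkCookieDomain(requestHost, domainAttr) {
  const host = normalize(requestHost);
  if (domainAttr === undefined || domainAttr === null || domainAttr === "") {
    return { accept: true, scope: host, hostOnly: true, reason: "no Domain attribute" };
  }
  const domain = normalize(domainAttr);
  if (!domainMatches(host, domain)) {
    return { accept: false, reason: "Domain does not match request host" };
  }
  if (PUBLIC_SUFFIXES.has(domain)) {
    // A suffix-wide cookie would be sent to every site under that suffix,
    // which is what makes cross-site session fixation possible.
    if (host === domain) {
      return { accept: true, scope: host, hostOnly: true, reason: "host is itself a suffix" };
    }
    return { accept: false, reason: "Domain is a public suffix" };
  }
  return { accept: true, scope: domain, hostOnly: false, reason: "ok" };
}

// Constructed test cases: [request host, Domain attribute of the Set-Cookie header].
const cases = [
  ["shop.example.co.uk", ".co.uk"],        // rejected: covers every *.co.uk site
  ["shop.example.co.uk", "example.co.uk"], // accepted: scoped to one registrable domain
  ["shop.example.co.uk", undefined],       // accepted: host-only cookie
  ["shop.example.co.uk", "other.co.uk"],   // rejected: unrelated domain
];
for (const [host, attr] of cases) {
  console.log(host, attr, JSON.stringify(checkCookieDomain(host, attr)));
}
```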
The update also fixes multiple vulnerabilities in the Adobe
Flash Player plug-in, as well as issues with the Kernel, including one that
allows local users to obtain system privileges, and another one with running executable
files that link dynamic libraries on an NFS share, which could lead to system
shutdown.
The security update also addresses several issues with
Libsystem, including one which caused applications using the inet_net_pton API
and strptime API to become vulnerable to arbitrary code execution or unexpected
application termination.
Apple also warned of an infinite loop which may be triggered by
sending a maliciously crafted TCP packet, giving a remote attacker the ability
to cause a denial of service if Internet Sharing is enabled.
Furthermore, the security update also addresses a problem
with trying to open ISO files, which ended in an unexpected system shutdown,
and a problem with the Podcast Producer server, which may allow unauthorized
users to access administrative functions in the server.
© 2007 - 2009 - eFluxMedia