US-CERT urges update after Apple releases OS X 10.6.8 update

The US Computer Emergency Response Team (US-CERT) is advising Mac OS X users to update their systems following a security release from Apple.

The OS X 10.6.8 update addresses multiple flaws in the Leopard and Snow Leopard operating systems, some of which could allow an attacker to remotely execute code on a targeted system.

Other vulnerabilities include data disclosure, denial-of-service and an error which could allow an attacker to cause an unexpected system reset via a shared Wi-Fi connection.

The update addresses the Mac OS X App Store, QuickTime, MobileMe and Kernel components, and delivers a series of new signatures to detect and remove variants of the MacDefender malware package.

"It's important to understand that cyber criminals don't need to exploit a software vulnerability to infect a Windows or Apple Mac computer, or to steal sensitive information. All you need is some clever social engineering to trick the user into making a bad decision," wrote Sophos senior technology consultant Graham Cluley in a blog post.

"But that's not to say that exploiting a vulnerability can't make the job even easier for a malicious hacker if users haven't properly kept their computers up to date with security patches."

The update also includes a number of performance and stability enhancements for Snow Leopard systems, with fixes for Preview and an update to the App Store which will be necessary for installing the upcoming OS X Lion system update.

Users can obtain the Apple update through the OS X Software Update tool or through Apple's download site.