May 28 2007
17 Mac OS X flaws fixed
Posted by: Adina in Software

Apple Inc. released its 5th major security update for Mac OS X. The security patch takes care of 17 vulnerabilities. If Apple ranked bugs with a severity system like those that other vendors, including Microsoft Corp., use, most of the bugs fixed by Security Update 2007-005 would be rated less than critical. In eight of the 17, exploits could do no more damage than cause a denial of service of, or crash, the affected component.
Microsoft typically pegs such vulnerabilities as important rather than critical. Only five of the patched vulnerabilities could result in an attacker executing his own code.
Among the serious bugs is one in how Mac OS X 10.4, known as Tiger, handles PDF files. Another dangerous flaw fixed by this patch exists in the code that maps ports on home networks in iChat, Apple's instant messaging service and software.
An attacker needs only to send a malformed packet to trigger a buffer overflow, which could then be used to add malicious code to the Mac.
The hacker, however, must have access to the local network to exploit the bug.
Other parts of Mac OS X that were patched include BIND, the de facto standard Domain Name System server software, which was patched against four vulnerabilities; the Ruby CGI library; and Fetchmail.
The security update can be downloaded from the Apple site or using Mac OS X's built-in update service.