Apple has patched a number of serious security bugs in Mac OS X and OS X Server.
Apple released advisories and updates last week to address approximately 25 security vulnerabilities in Mac OS X and OS X Server.
Many of the bugs are serious, allowing for privilege escalation and/or remote code execution, although all of these appear to require either local access or some form of user action. For example, consider CVE-2007-0646: "Opening a help file with a maliciously-crafted name may lead to an unexpected application termination or arbitrary code execution." (This is a leftover from the Month of Apple Bugs in January.)
Possibly more dangerous is CVE-2007-0735: "Visiting malicious websites may lead to an unexpected application termination or arbitrary code execution."
As usual you can download the updates from the Apple Downloads site or just use the Software Update option in the Apple menu.
Copyright 2007 by Ziff Davis Media, Distributed by United Press International
