Apple has published a major security patch. Mac OS X 10.5.5 is the sixth substantial security update from the company this year. The patch cycle also includes fixes for version 10.4 of Apple's software.

Both updates mend DNS security holes in older versions of BIND previously bundled with Apple's software. There are also updates for Directory Services, kernel, OpenSSH remote access software, QuickDraw Manager and more.

The flaws in ImageIO, QuickDraw Manager, VideoConference and ATS could lend themselves to hostile code injection. Meanwhile security bugs in libresolv could allow DNS cache poisoning, Apple's security notice explains.

Security watchers - such as the Internet Storm Centre - recommend the prompt patching of Apple systems. The updates follow fixes for iTunes and QuickTime application software released last week. ®

Related stories

• Microsoft, Apple trumpet bevy of critical vulns (10 October 2008)
• Apple patents OS X Dock (8 October 2008)
• Apple probes poison-pumping Mac claim (2 October 2008)
• Apple fans besieged by iPhone Trojan and iTunes attack (19 September 2008)
• Apple unsheathes Jesus Phone 2.1 (13 September 2008)
• Apple code of secrecy imperils Aunt Mildred (10 September 2008)
• Mac users urged to ditch Safari (5 August 2008)
• Tardy Apple finally releases DNS patch (1 August 2008)
• Apple drags its heels on iPhone security patches (4 July 2008)
• Apple's fourth Leopard spits out 25 patches (1 July 2008)
• Threat remains despite Safari carpet bombing fix (23 June 2008)
• Apple mega update strikes out calendar bug (29 May 2008)
• Apple update trick triples Safari share (2 May 2008)