Apple update plugs security vulns
Beefs OS X, Java, Safari for Windows
Sponsored: Customer Identity and Access Management
Apple has released a set of security updates that plug over two dozen holes in Mac OS X - including the Safari RSS vuln  discovered last month - plus a vuln apiece in Java for Mac OS X 10.5, 10.4, and Safari for Windows.
According to an Apple support document, Security Update 2009-001  addresses vulns that include "multiple vulnerabilites " in fetchmail and possible arbitrary code execution in certain situations involving Apple Pixlet Video, CarbonCore, ClamAV, CoreText, perl, python, Safari RSS, SMB, and X11.
Apple reports that the Java for Mac OS X 10.5 Update 3  and Mac OS X 10.4 Update 8  both address "Multiple vulnerabilities in Java Web Start and Java Plug-in," the most serious of which can also result in arbitrary code execution when "visiting a web page containing a maliciously crafted Java applet."
The Safari 3.2.2 for Windows  update addresses the aforementioned Safari RSS vuln.
We advise Mac OS X users to either run Software Update to obtain these vuln-killers or download  them from Apple's support site. Windows XP and Vista users can upgrade to Safari 3.2.2 by going to Apple's Safari site  and clicking the Download Now button.
While Apple has had more than its share of upgrade problems  in recent months, we can report that we've experienced no problems after installing these security updates. But it wouldn't be a bad idea to keep your eye on MacFixIt  and MacInTouch  for a couple of days.
In a Conficker/Downadup  world, it's better to be safe than sorry. ®