After taking guff in the press for a while for its lack of a patch for the famous recent DNS bug, Apple has finally issued a patch. The update it comes in also patches 16 other vulnerabilities:

• Open Scripting Architecture—Privilege elevation bug when loading plug-ins.
• CarbonCore—A stack overflow in handling long file names. Potential code execution.
• CoreGraphics—Two bugs, both code execution, one for malicious graphics, the other for malicious PDFs.
• Data Detectors Engine—Engine may crash when parsing maliciously crafted content.
• Disk Utility—A local user may obtain System privileges.
• OpenLDAP—An ASN parsing bug can lead to a crash.
• OpenSSL—A range checking error from last September (Red Hat patched it in two weeks) can lead to remote code execution.
• PHP—Five different bugs, the worst of which can lead to remote code execution.
• QuickLook—A maliciously crafted Microsoft Office file can cause QuickLooks to crash or allow remote code execution.
• rsync—Path validation errors, which were also reported in 2007, are resolved.