Apple late yesterday issued a security update that fixes a number of bugs exposed through the recent Month of Apple Bugs project. The update is available through the normal OS X Software Update mechanism. Apple’s notes on the update specifically call out the MOAB bug numbers, although they don’t include links to the MOAB Web site, which is especially important since one of the bug listings on that site actually included a maliciously crafted JPEG 2000 file (as first reported in this blog).

The update includes bug fixes to Apple’s disk image file format, iChat (and its associated Bonjour service location) and a user notification mechanism. None of these bugs are known to have been exploited “in the wild,” but fixing them will still increase the overall security of Mac OS X systems.

Despite its questionable means and motives, the MOAB project seems to have nonetheless uncovered a number of bugs that Apple deems worthy of fixing (Apple had also fixed the first MOAB bug, a QuickTime issue, in a previous security update). So it seems the MOAB “researchers” are getting both the blame and the credit they deserve.