10.4.9: The missing bug


With its long list of security fixes in Mac OS 10.4.9, you would think Apple could have included one of the few fixes it made that actually addresses a real-world issue. But it seems they neglected to list at least one such security fix. In particular, 10.4.9 seems to fix the real-world vulnerability that we warned about here in the entry entitled “Warning: MOAB includes hack attempt.”


The Month of Apple Bugs project discovered a bunch of obscure security vulnerabilities in OS X and related products, and, despite the bugs’ mainly “theoretical” nature, Apple fixed a number of them in 10.4.9. But beyond exposing bugs, the MOAB “researchers” decided to inject at least one, by including a maliciously formed JPEG 2000 file on one of their Web pages. The file would cause Safari, and various other applications, to hang indefinitely, although there was never any evidence that it caused any worse results.


Based on testing here at Open Door Networks, it seems that 10.4.9 fixes this problem. At least Safari no longer hangs when the MOAB page with the malicious JPEG 2000 image is opened under 10.4.9, while Safari on previous releases still does. Exactly why Apple neglected to list this important, real-world fix alongside the mainly non-real-world others may never be known, but at least it’s good to know that this particular fix is in.

Thursday, March 15, 2007
