Yesterday Apple shipped Security Update 2008-007, making it 4 security updates in 4 months. Perhaps Apple is trying to institute regular security updates, which would be a very good idea. The content of the current update certainly doesn’t suggest that there has been any higher rate of real-world security issues, since most of the issues addressed, as is often the case, seem either minor or theoretical.

The release is again for both Tiger and Leopard, and mainly rolls in a number of fixes to third-party components with strange names: Apache, ClamAV, CUPS, MySQL, PHP, Postfix, Tomcat and vim. There are also the usual set of fixes for potential “arbitrary code execution” bugs.

Probably the most interesting “fix” is simply the addition of new and updated security “root certificates” to the OS. Used primarily in Web browsers when validating secure Web sites (via SSL and https), certificates help “prove” a site is what it claims to be. Keeping the OS root certificates up to date is certainly an important and practical thing.