When it comes to security updates, boring is good. The latest security update, 2008-001, is boring. The update, included with the Mac OS X 10.5.2 (Leopard) update, and also available for Mac OS X 10.4.11 (Tiger), contains little of great interest or concern. That’s the way it should be.

A good example is a fix for the Service Location Protocol (SLP). SLP is actually no longer used in Leopard, and the fix for Tiger addresses an issue raised over a year ago by the Month of Apple Bugs project. Why Apple chose to fix this problem now is a good question, but that fact that they took over a year and no one really worried is a good indicator of how boring the fix is :)

The update only contains 11 items, compared to, for instance, the 50 in security update 2007-003. Of those 11, only a couple are really worth worrying about. These are the usual “maliciously crafted URL” vulnerabilities, where in theory a “maliciously crafted Web site” could wreak havoc with your machine. Beyond that, not much. Which is a good thing.