Other vulnerabilities that Apple patched Monday plug holes that could lead to everything from a denial of service or unintentional disclosure of private information to an unexpected system shutdown or access to the Podcast Producer component of Apple's server software.

Several of the patches address bugs that could be exploited through a browser, including two fixes to CoreGraphics and one to CoreTypes. Hackers could exploit one of the two CoreGraphics vulnerabilities with a malformed image file, while the second -- which could conceivably result in the hijacking of user credentials -- could be exploited simply by duping users into visiting a malicious Web site.

Apple also patched CoreTypes to block additional file types from being opened after a user downloads them. Safari, for example, relies on the component's Download Validation function to warn users against opening dangerous or risky file types. "This update adds to the list of potentially unsafe types," said Apple's advisory. "It adds the content type for files that have executable permissions and no specific application association. These files are potentially unsafe as they will launch in Terminal and their content will be executed as commands."

CoreType's Download Validation feature had already been patched twice this year. Apple added more file types to the warning list in both the May 2008-003 update and , when it patched and 25 bugs, respectively.

Security Update 2008-008 can be , or installed using Mac OS X's integrated update service. Leopard users, however, won't see the security update separately on the latter; those patches were rolled into the Mac OS X 10.5.6 upgrade also released Monday.