Apple released a patch for the iPhone and iPod Touch that plugs five security holes, including several that could allow an attacker to take control of the device remotely. iPhone OS 3.1.3 includes a number of security updates related to CoreAudio, ImageIO, Recovery Mode and WebKit.
More from Apple Security Update.
Apple has pushed out Security update 2009-004 which fixes BIND vulnerability.
From Apple: A remote attacker may be able to cause the DNS server to unexpectedly terminate. A logic issue in the handling of dynamic DNS update messages may cause an assertion to be triggered. By sending a maliciously crafted update message to the BIND DNS server, a remote attacker may be able to interrupt the BIND service. The issue affects servers which are masters for one or more zones, regardless of whether they accept updates. BIND is included with Mac OS X and Mac OS X Server but it is not enabled by default. This update addresses the issue by properly rejecting messages with a record of type ‘ANY’ where an assertion would previously have been raised.
Apple has released Security Update 2009-001 which fixed the Safari RSS vulnerability. Including in the security updates are fixes for Apple Pixlet Video, CarbonCore, ClamAV, CoreText, perl, python, Safari RSS, SMB, and X11.
The second update is for improving multiple vulnerabilities in Java Web Start and Java Plug-in.