It would appear someone in Apple is listening after all. The security issue I detailed over at Mac Geekery has been fixed in this latest security update, according to the release notes for the update. Very nice.

Big kudos to Apple for even fixing it in 10.3.8. Now I just need to see how they fixed it…

CVE-ID: CVE-2006-4404
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9,
Mac OS X v10.4.8, Mac OS X Server v10.4.8
Impact: When installing software as an Admin user, system privileges may be used without explicit authorization
Description: Admin users are normally required to authenticate before executing commands with system privileges. However, the Installer allows system privileges to be used by Admin users when installing certain packages without requiring authentication. This update addresses the issue by requiring authentication before installing software with system privileges.