Apple on Thursday released it seventh security update of the year, this time patching 40 vulnerabilities, many residing in third-party products.

The fixes -- rated "moderately critical" by vulnerability tracking firm Secunia -- addressed problems in open-source software such as ClamAV, MySQL Server and Apache Tomcat. Many open-source implementations are configured to run on the Mac OS X platform.

Roughly half of the vulnerabilities patched could be exploited to execute arbitrary code, according to the Apple update.

These bugs reside in ClamAv, ColorSync, CUPS, libxslt, MySQL Server, PHP, PSNormalizer and QuickLook.

Users can update through an automatic download or by visiting the Apple site.