wp-admin/install-helper.php a security leak on the newer versions of wordpress? By default file permission on those files are 644.
If there is any leak, what kind of please?
No, there is no security risk. Both files do sanity checks before anything happens.
If WordPress is already installed:
install-helper.phpreturns just a blank page.
install.phpsays WordPress is installed and you should log in:
You can forbid access to both files with a simple rule in your .htaccess above the permalink rules:
RedirectMatch Permanent wp-admin/install(-helper)?\.php /
This will redirect all requests to these files to the home page.