Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the best-selling Take Control ebooks.

Security Update 2010-001

Apple has reset the counters on security updates for 2010, releasing Security Update 2010-001, with fixes for a small number of specific vulnerabilities. Most notably, the Flash Player plug-in is updated to version 10.0.42 to address multiple vulnerabilities, the most serious of which could lead to arbitrary code execution when viewing a maliciously crafted Web site. Several other fixes block vulnerabilities that could have been exploited by malicious TIFF images, DNG images, and MP4 audio files. Also resolved is a potential denial-of-service attack directed against CUPS (the Common Unix Printing System that underlies Mac OS X's print architecture). Finally, OpenSSL is vulnerable to a man-in-the-middle attack that could enable an attacker to capture data or change the operations performed in an SSL-protected session; although the problem hasn't been resolved within OpenSSL, Security Update 2010-001 disables renegotiation within OpenSSL as a preventative measure.

Security Update 2010-001 is available via Software Update and in standalone form for Mac OS X 10.6.2 Snow Leopard (21.9 MB download), for Mac OS X 10.5.8 Leopard (159.58 MB download), and for Mac OS X 10.5.8 Leopard Server (248.11 MB download).

 

Smile makes tools so you can have a productive day. PDFpen: Massage
your PDFs into shape on Mac, iPhone, and iPad. TextExpander:
Automate typing on Mac, Windows (in beta), iPad, and iPhone.
Free trials and friendly support. <http://smle.us/smile-tb>
 

Comments about Security Update 2010-001
(Comments are closed.)

John Baxter  An apple icon for a Friend of TidBITS 2010-01-19 15:59
Of course, we've all updated Flash already.

Tiger (and earlier) users should update Flash using Adobe's marvelous update system.