Apple has reset the counters on security updates for 2010, releasing Security Update 2010-001, with fixes for a small number of specific vulnerabilities. Most notably, the Flash Player plug-in is updated to version 10.0.42 to address multiple vulnerabilities, the most serious of which could lead to arbitrary code execution when viewing a maliciously crafted Web site. Several other fixes block vulnerabilities that could have been exploited by malicious TIFF images, DNG images, and MP4 audio files. Also resolved is a potential denial-of-service attack directed against CUPS (the Common Unix Printing System that underlies Mac OS X’s print architecture). Finally, OpenSSL is vulnerable to a man-in-the-middle attack that could enable an attacker to capture data or change the operations performed in an SSL-protected session; although the problem hasn’t been resolved within OpenSSL, Security Update 2010-001 disables renegotiation within OpenSSL as a preventative measure.
Security Update 2010-001 is available via Software Update and in standalone form for Mac OS X 10.6.2 Snow Leopard (21.9 MB download), for Mac OS X 10.5.8 Leopard (159.58 MB download), and for Mac OS X 10.5.8 Leopard Server (248.11 MB download).