Skip to content
Thoughtful, detailed coverage of everything Apple for 28 years
and the TidBITS Content Network for Apple professionals
1 comment

Security Update 2010-001

Apple has reset the counters on security updates for 2010, releasing Security Update 2010-001, with fixes for a small number of specific vulnerabilities. Most notably, the Flash Player plug-in is updated to version 10.0.42 to address multiple vulnerabilities, the most serious of which could lead to arbitrary code execution when viewing a maliciously crafted Web site. Several other fixes block vulnerabilities that could have been exploited by malicious TIFF images, DNG images, and MP4 audio files. Also resolved is a potential denial-of-service attack directed against CUPS (the Common Unix Printing System that underlies Mac OS X’s print architecture). Finally, OpenSSL is vulnerable to a man-in-the-middle attack that could enable an attacker to capture data or change the operations performed in an SSL-protected session; although the problem hasn’t been resolved within OpenSSL, Security Update 2010-001 disables renegotiation within OpenSSL as a preventative measure.

Security Update 2010-001 is available via Software Update and in standalone form for Mac OS X 10.6.2 Snow Leopard (21.9 MB download), for Mac OS X 10.5.8 Leopard (159.58 MB download), and for Mac OS X 10.5.8 Leopard Server (248.11 MB download).

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For 28 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

Comments About Security Update 2010-001