Apple fixes Flash snafu in Snow Leopard, patches 33 bugs in Leopard
Mac users get third and fourth updates this week, but Safari may be next, says researcher
Computerworld - Less than two weeks after Apple launched Snow Leopard, the company today issued the new operating system's first security update. In a separate upgrade, Apple patched 33 vulnerabilities in 2007's Leopard, and about half as many in the even older Tiger.
Today's updates were the third and fourth from Apple in the last two days. Wednesday, Apple delivered security fixes for the iPhone and iPod Touch, as well as another upgrade for its QuickTime media player.
"It's another sneak attack," said Andrew Storms, director of security operations at nCircle Network Security, referring to the string of updates. "Actually, it's almost what we've come to expect from Apple," he added. Unlike rival OS maker Microsoft, which releases most of its security upgrades on a pre-set monthly schedule, Apple ships its patches whenever they're ready to go out the door.
The Snow Leopard 10.6.1 update's security content consisted solely of an upgrade for Adobe's Flash Player, which was bumped to the up-to-date version 10.0.32.18.
Users and security researchers had taken Apple to task for not only shipping Snow Leopard with an outdated and vulnerable version of Flash Player, but also for silently "downgrading" once-secure editions when Macs were updated to the new operating system.
Mac OS X 10.6.1 packaged nine patches for Flash vulnerabilities, some of which could result in "arbitrary code execution," Apple-speak of a critical flaw that attackers could exploit to grab control of a Mac. According to the corresponding Adobe security advisory, six of the nine flaws could be considered critical.
Apple released the first update for Snow Leopard less than two weeks after it debuted the operating system on Aug. 28, a slightly faster pace than in 2007, when Apple took about three weeks to issue the first security update for Mac OS X 10.5, aka Leopard.
Adobe updated Flash Player to 10.0.32.18 in late July to plug a dozen vulnerabilities, including three inherited from flawed Microsoft development code -- obviously, those were not present in the Mac version -- and one that hackers had been exploiting for at least a week, which did apply to the Mac.
"Having to release a whole OS update just to patch one third-party component, that's a bit heavy-handed," said Storms. "Apple had to go through one whole engineering cycle to fix Flash."
As if to echo Storms' point, Apple noted that the 10.6.1 update -- which admittedly includes fixes for eight non-security issues -- tipped the scale at 75MB.
The Security Update 2009-005 for Leopard and Tiger was more traditional, patching 33 vulnerabilities in the former and 16 in the latter. Of the 33 bugs in Mac OS X 10.5, Leopard, 23 were tagged with Apple's "arbitrary code execution" phrase; 14 of the 16 flaws in Tiger were pegged the same way.
Mac OS X Snow Leopard
- Opinion: In depth with Apple's Snow Leopard Server
- Apple fixes data deletion bug in Snow Leopard, blocks Atom 'hackintoshes'
- Smackdown: Windows 7 takes on Apple's Snow Leopard
- Snow Leopard sales roar out the gate
- Apple missed security boat with Snow Leopard, says researcher
- HP adds Snow Leopard printer drivers after customer complaints
- Apple fixes Flash snafu in Snow Leopard, patches 33 bugs in Leopard
- Snow Leopard 'downgrades' Flash to vulnerable version
- Psystar starts selling Mac clones with Snow Leopard
- Snow Leopard's System Preferences shuffle



- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Overcome Top 7 Admin Challenges of Active Directory
- As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable,...
- Insiders Can Ruin Your Company. Take Action.
- Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in...
- Top Solutions and Tools to Prevent Devastating Malware
- Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring...
- Streamline Compliance and Increase ROI
- Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will...
- X-Ray of the PCI Process-4 Proactive Steps
- This white paper from Forrester Research Inc., helps break PCI into understandable components. Security and risk professionals will gain knowledge and insight into... All Mac OS White Papers
- Optimizing Networks for the Cloud
- Join guest speaker, Rohit Mehra, IDC Director of Enterprise Communications Infrastructure, to explore current trends, discuss best practices for optimizing Data Center and...
- Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere
- Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as...
- Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere
- Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and...
- Customer Spotlight: How IPC The Hospitalist Company Implemented Oracle on VMware
- Have you been looking to hear about customer's experiences with the new VMware vCenter Site Recovery Manager product? View this webcast to learn...
- Virtualize Business-Critical Applications with Confidence
- Virtualizing business-critical applications has become a key focus for organizations as they move along their virtualization journey. With the launch of VMware vSphere®... All Mac OS Webcasts
