Apple ships first Leopard security update in nearly a year
No bug fixes for Mac OS X 10.5, but instead issues Flashback scrubber and disables outdated copies of Flash Player
Computerworld - Apple on Monday issued its first security-related update for OS X 10.5, or Leopard, in nearly a year, to disable long-outdated versions of Adobe's Flash Player.
Security Update 2012-003 does not patch any known vulnerabilities, but is instead a Leopard-specific version of what Apple released last week for OS X 10.6, or Snow Leopard, and the newer OS X 10.7, better known as Lion.
Like those updates, 2012-003 for Leopard removes versions of Flash Player older than 10.1.102.64. Adobe issued that edition of Flash in November 2010. It was also the final version Apple delivered to its customers before it stopped maintaining Flash.
Monday's update will not be installed on PowerPC-equipped Macs running Leopard.
On May 9, Apple disabled older copies of Flash Player on Snow Leopard and Lion using an update to Safari 5.1.7. Because that version of Apple's browser doesn't support Leopard, the company instead updated the operating system.
The newest version of Flash Player for Leopard is 10.3.183.19, which was released earlier this month. That newest version, which requires an Intel processor, can be downloaded from Adobe's website.
Also on Monday, Apple released a version of the Flashback malware removal tool designed for Leopard. Apple had offered the same tool to Snow Leopard and Lion users on April 12.
The Flashback seek-and-destroy tool was Apple's response to a massive campaign that exploited a Java vulnerability to infect hundreds of thousands of Macs.
Apple still maintains Java for users of Snow Leopard and Lion, but last patched the Oracle software for Leopard users in June 2011.
Unlike the Snow Leopard and Lion Flashback removal tool update, the one for Leopard said nothing about automatically disabling the Java plug-in used by browsers such as Safari, Chrome or Firefox.
Security experts and pundits have blasted Apple for its sluggish patching of Java bugs and for dropping support for older operating systems too quickly.
It's unlikely that Monday's Leopard updates signal a change in Apple's support policy since they do not address any security vulnerabilities that may exist in Leopard.
Monday's updates were the first that Apple has shipped for Leopard since November 2011, when it patched a bug in iTunes 10.5.1. The last operating system security update applicable to OS X 10.5 was delivered in June 2011.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.
- Apple hands stock worth $12.1M to top execs in retention deal
- Hands on: Apple's Mac Pro is the fastest Mac ever
- Apple CFO to retire in September after he cashes in $53M stock award
- Apple's CarPlay to spark mobile apps war in your car
- Apple retires Snow Leopard from support, leaves 1 in 5 Macs vulnerable to attacks
- Apple patches critical 'gotofail' bug with Mavericks update
- Why Apple needs a $700 MacBook Air
- Apple takes top spot in brand value computation
- Apple gets a patent for health-monitoring ear buds
- Apple shifts to hardware-first TV strategy with revamped set-top box
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
Red Hat Enterprise Linux - The Original Cloud Operating System
Linux adoption is growing against a number of measures, such as the
number of supercomputers that run Linux and the size of the contributing...
- OpenStack Hype vs. Reality: CIO Quick Pulse Open-source architecture can enable IT departments to build infrastructure-as-a-service (IaaS) clouds running on standard hardware.
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Malware and Vulnerabilities White Papers | Webcasts