Adobe knocks Apple for serving up outdated Flash Player

Apple patches 28 bugs with Mac OS X 10.6.4; Update includes Flash from February

1 2 Page 2
Page 2 of 2

This time, Mac users who manually updated Flash Player to version 10.1.53.64 since last week need not take any further action, Arkin said in a follow-up message on Twitter. "[Mac OS X] 10.6.4 doesn't appear to downgrade users that had previously updated to Flash Player 10.1.53.64, so users don't have to reapply the update," Arkin said yesterday.

Users can check to see which Flash Player edition they're currently running by visiting the About Flash Player site. Users must run the check in each browser installed on their Macs. If they find they're running an older edition, the newest 10.1.53.64 can be installed by manually retrieving the update from Adobe's Web site.

Seven of the 28 flaws, or 25% of the total, fixed by Apple in Mac OS X 10.6.4 were tagged with the phrase "arbitrary code execution," Apple's way of saying that the bugs were critical and could be used to infect a Mac with malware, including spam bots and identity-stealing keyloggers.

Among the non-Flash Player vulnerabilities addressed by Mac OS X 10.6.4 were three in its implementation of CUPS (Common Unix Printing System), three in the Kerberos authentication protocol, one in Apple's iChat instant messaging client, and one in Apple's Wiki Server software.

Mac OS X 10.6.4 also updated Safari to version 5; Apple launched the new browser June 7, patching a record 48 vulnerabilities at that time.

Apple said it addressed 16 non-security issues in Mac OS X 10.6.4 as well, including a reliability improvement for VPN (virtual private network) connections and a resolution of an unresponsive keyboard problem.

Apple last updated Snow Leopard in May, when it closed a record 92 security holes, a third of them critical.

Users running Mac OS X 10.5, aka Leopard, also received a security update yesterday.

Mac OS X 10.6.4 can be downloaded from the Apple site or installed using the operating system's integrated update service.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@ix.netcom.com.

Copyright © 2010 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon