Apple Releases Security Update 2010-001

Those keeping a close eye on Apple’s Downloads section should have noticed by now that the company developing Mac OS X has issued not only security updates, but also a bunch of updates addressing Windows 7 issues for Boot Camp users. During the course of this day, Softpedia will look at the important releases more closely, while the current article focuses on the latest Security Update – 2010-001 – for Leopard and Snow Leopard.

Security Update 2010-001 for Client and Server versions of Leopard, as well as the package aimed at machines running Snow Leopard, “is recommended for all users and improves the security of Mac OS X,” according to Apple. As usual, the company takes customers to a Support document detailing the particularities of Security Update 2010-001. Addressing six main issues with CoreAudio, CUPS, the Flash Player plug-in, ImageIO, Image RAW, and OpenSSL, Apple reveals that all but one of these vulnerabilities affect systems running Mac OS X from version 10.5.8 (Leopard) to version 10.6.2 (Snow Leopard).

Available for Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2, a hole in OpenSSL would allow a privileged attacker to capture data over your network or change the operations performed in sessions protected by SSL, according to Support article HT4004. Here’s how Apple describes the issue (discovered by Steve Dispensa and Marsh Ray of PhoneFactor, Inc.):

“Description: A man-in-the-middle vulnerability exists in the SSL and TLS protocols. Further information is available at http://www.phonefactor.com/sslgap A change to the renegotiation protocol is underway within the IETF. This update disables renegotiation in OpenSSL as a preventive security measure. The issue does not affect services using Secure Transport as it does not support renegotiation.”

Available for the same number of Mac OS X versions are a series of vulnerabilities in the Adobe Flash Player plug-in, Apple further notes. The most serious of these bugs apparently leads to arbitrary code execution when viewing a maliciously crafted website, given the right circumstances. “The issues are addressed by updating the Flash Player plug-in to version 10.0.42,” Apple reveals. As usual, those who need more information are advised to head over to Adobe’s support page. Quite a number of security analysts and researchers are credited for discovering the bug.

For the rest of the issues addressed in Security Update 2010-001, visit Apple here. Those who don’t want to waste any more time can download the installer package immediately using the links below. The latest security updates for Mac OS X 10.4 (Tiger) are also available at these locations.

Download Security Update 2010-001 Client (Free)

Download Security Update 2010-001 Server (Free)