On Tuesday Apple released a security update for Leopard and Snow Leopard (unfortunately, no updates for those still using Tiger) that patched 12 vulnerabilities, seven of which were in Adobe Flash Player and one involving secure internet traffic. The security update was much smaller than Apple’s recent update, released in November, that fixed close to 60 flaws.
The Flash Player patches updated it to version 10.0.42.34, the edition that Adobe shipped in December 2009 with Windows and Linux operating systems. Apple bundles Flash Player with its operating system, so it can distribute Adobe patches.
Nine of the 12 issues fixed were described by the phrase “may lead to arbitrary code execution,” which in Apple language means attackers could have exploited and hijacked a Mac due to these flaws.
Another notable problem fixed by this update was a flaw in SSL (secure socket layer) and TLS (transport socket layer) that could have allowed attackers to capture encrypted data. Two security analysts working at PhoneFactor discovered the flaw in August 2009.
Via Computerworld, image via Apple.