Apple has released its first security fixes of 2010 for Mac OS 10.5 and 10.6, addressing a number of fixes in third-party code that Apple uses as part of its operating system.
One of those third-party items is Adobe’s Flash Player plug-in, which is being updated to version 10.0.42 for Mac OS. Adobe’s software, including Flash, is a frequent target for the security research community. As opposed to Windows, for which Microsoft’s update mechanism does not include Adobe fixes, Apple includes Adobe updates as part of its security updating process. Apple takes a similar approach for Java updates as well, which was the reason for the last Apple security update in December 2009.
The company is also providing a fix for OpenSSL issues related to a potential man-in-the-middle attack scenario. The attack against SSL was first reported back in November.
“An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL,” Apple noted in its advisory.
Apple’s first 2010 update also includes a fix for a security issue in the Common Unix Printing System, better known as CUPS. (Apple’s Mac OS has been Unix-certified since the Leopard release in 2007.)
Read the rest at eSecurityPlanet.