Apple patches 12 Mac bugs in Flash, SSL

Apple on Tuesday patched 12 vulnerabilities in Leopard and Snow Leopard, including seven in Adobe Flash Player and one in the protocol used to secure Internet traffic.

Security update 2010-001, the first from Apple this year, is noticeably smaller than the monster issued last November that fixed almost 60 flaws.

The seven fixes for Flash Player, Apple's first update to the popular media player since September, brought the program up to version 10.0.42.34, the same edition that Adobe shipped Dec. 8, 2009, for Windows and Linux. Adobe tagged six of the seven vulnerabilities as critical in its own security advisory last month.

Because Apple bundles Flash Player with Mac OS X, it regularly distributes patches for the Adobe software, at times months after the latter has shipped patches. The six-week gap between Adobe's issuing fixes and Apple delivering them this time was similar to the time it took Apple to update Flash in the summer of 2009.

Altogether, nine of the 12 bugs were accompanied by the phrase "may lead to arbitrary code execution," Apple's way of saying that a flaw is critical and can be used by attackers to hijack a Mac. Apple does not assign ratings or severity scores to the bugs it patches, unlike other major software makers, such as Microsoft and Oracle.

Read more -here-

• FTC warns three PC tech companies of potential warranty violations
• Netflix is already killing its cheapest ad-free plan
• Meta's pay-for-privacy model is illegal, says EU
• FCC wants to force carriers to unlock phones for consumers
• NASA names SpaceX for scheduled deorbit destruction of ISS
• Verizon to pay $1 million fine over 911 outage