Skip to content
Thoughtful, detailed coverage of everything Apple for 33 years
and the TidBITS Content Network for Apple professionals
1 comment

Security Update 2010-001

Apple has reset the counters on security updates for 2010, releasing Security Update 2010-001, with fixes for a small number of specific vulnerabilities. Most notably, the Flash Player plug-in is updated to version 10.0.42 to address multiple vulnerabilities, the most serious of which could lead to arbitrary code execution when viewing a maliciously crafted Web site. Several other fixes block vulnerabilities that could have been exploited by malicious TIFF images, DNG images, and MP4 audio files. Also resolved is a potential denial-of-service attack directed against CUPS (the Common Unix Printing System that
underlies Mac OS X’s print architecture). Finally, OpenSSL is vulnerable to a man-in-the-middle attack that could enable an attacker to capture data or change the operations performed in an SSL-protected session; although the problem hasn’t been resolved within OpenSSL, Security Update 2010-001 disables renegotiation within OpenSSL as a preventative measure.

Security Update 2010-001 is available via Software Update and in standalone form for Mac OS X 10.6.2 Snow Leopard (21.9 MB download), for Mac OS X 10.5.8 Leopard (159.58 MB download), and for Mac OS X 10.5.8 Leopard Server (248.11 MB download).

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For over 33 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

This site is protected by reCAPTCHA. The Google Privacy Policy and Terms of Service apply.

Comments About Security Update 2010-001