Patching the Patch: Trouble with the new Mac OS X Snow Leopard update
The good news: The new Snow Leopard patch fixes a lot of problems. The bad news: It also introduces one.
I was very pleased to see Apple's new Mac OS X Snow Leopard patch this morning. It fixed numerous minor, but annoying problems with my Mac Mini and my wife's MacBook Pro. It also cleaned up numerous security problems. That's the good news. The bad news is it also introduced a serious security bug by including an old, and vulnerable, copy of Adobe Flash.
The good news is that it fixed several issues that I've had trouble with myself. In particular, I was glad to see that my Macs now work much better at copying, renaming, and deleting files on SMB (Server Message Block) file servers, aka Windows, Linux, and most NAS (Network Attached Storage) servers. Since I keep my music and video libraries on servers this was a real plus. Also in the networking line, it fixed a problem with maintaining VPN (virtual private networking) connections.
The patch also includes a handy fix for a touchpad problem that would sometimes make the MacBook Pro next to useless for a few seconds at a time. While I never ran into this problem myself, I also understand that it fixes a music playback problem with some MacBook Pro's speakers.
Needless to say, it also includes Apple's latest version of its Web browser, Safari 5. While I'm not a big Safari fan, it is faster than the earlier models and offers, for what it's worth, some HTML 5 support.
So, all-in-all I'd call this a good and, with 28 security holes filled in, necessary update. Except, there's this little problem, as Adobe's Wendy Poland pointed out: "The update includes an earlier version of Adobe Flash Player. 10.0.45.2, than the newest one that's available from Adobe.com. While the Mac OS X v10.6.4 update does not appear to downgrade users who have already upgraded to Adobe Flash Player 10.1, Adobe recommends users verify they are using the latest, most secure version of Flash Player (10.1.53.64)."
What Poland doesn't mention is that Flash Player 10.0.45.2 is a real stinker of a Flash player with no fewer than 32 vulnerabilities and most of those are rated "critical." Windows has already been attacked through some of those holes, and it's not impossible that your Mac could be smacked around as well.
Poland recommends that you check your Flash Player version number, after applying the security update, by going to the About Flash Player page and making sure you're running Flash Player 10.1.53.64. If you're not, head over to the Adobe Flash player Website and download the latest, greatest, and safest version.
The Mac OS X 10.6.4 update, all 315MBs or so of it is available for download now. The easiest way to get it, of course, is to just Choose Software Update from the Apple menu. After that, just make darn sure that you have the newest Adobe Flash Player and all should be well. Remember just because Windows gets the lion's share of attention from crackers doesn't mean that your Mac is magically immune.