January 19, 2010, 6:40 PM — Apple on Tuesday released Security Update 2010-001 for Mac OS X Snow Leopard as well as versions for both client and server releases of its predecessor, Mac OS X Leopard. These updates improve the security of Mac OS X are recommended for all users of the respective versions.
Included in the update are a number of patches, including a buffer overflow for the CoreAudio system that could let a maliciously crafted MP4 audio file execute arbitrary code, a hole in the CUPS printing system where a remote attacker could cause the system to terminate, flaws in the ImageIO and Image RAW software that could let maliciously crafted image files execute arbitrary code, and a patch for the OpenSSL network encryption system that could allow a third-party to capture encrypted data.
Security Update 2010-001 also contains the most recent version of Adobe's Flash Player plug-in, 10.0.42, which fixes numerous vulnerabilities, among them one that could lead to arbitrary code execution as a result of viewing a maliciously crafted Website.
The updates weigh in at 21.9MB for Snow Leopard, 159.58MB for Leopard client, and 248.11 MB for Leopard server, though the size may vary from computer to computer. They are available through Software Update or via Apple's Support downloads page.
