It seems Apple moved quickly to release an update to Mac OS X 10.6.1 – primarily, it would seem, to upgrade the Flash Player plug-in to the current 10.0.32.18. You may recall from last week’s security topic, that Apple’s initial release of Snow Leopard included an older version of Flash Player that was vulnerable to malicious attacks. Apple moved quickly to fix this, but with that response time, you have to wonder if this wasn’t an oversight as they were rushing to get Snow Leopard shipped. If you’ve made the move to Snow Leopard, make sure you get the update!
Apple had a busy week last week, however; with a flurry of releases.
It started with hosting a huge music event and showing a new line of iPods, introduced by none other than Steve Jobs himself. Of course, to go along with the new hardware, Apple also released iTunes 9 and QuickTime 7.6.4. I mention this as part of our security update, because this version of QuickTime… you guessed it… patches some vulnerabilities in which a maliciously crafted video could lead to a crash and ultimately execution of arbitrary code. Again, make sure you get this update!
Apple didn’t stop there, however. They have released iPhone OS 3.1 and OS 3.1.1 for iPod Touch, both available using the iTunes updater. These updates address several security concerns as well:
- Playing a maliciously crafted MP3 or AAC file could result in crashes and arbitrary code execution.
- Deleted mail may still be visible using Spotlight Search, as we reported last month.
- Several vulnerabilities related to web browsing that could result in security or privacy issues.
Apple has certainly done well in providing these updates, but in my opinion has done the user community an even greater service in their increased level of disclosure of the problems and their solutions. My hat is off to Apple for stepping up their level of communications, a very important part of strategy in security management!