Apple today shipped another Mac OS X mega-update with fixes for at least 33 serious security problems affecting Mac OS X users.
The update includes patches for third party components like Adobe’s Flash Player plug-in, Clam AV, MySQL and PHP. A separate update was released for Snow Leopard to fix the issue where a vulnerable version of Flash Player was included with the new operating system.
[ SEE: Snow Leopard ships with vulnerable Flash Player ]
The Security Update 2009-005 fixes several “arbitrary code execution” vulnerabilities that can be exploited if a user is tricked into opening certain file types.
Among the components with serious security defects are Alias Manager, CarbonCore, ColorSync, CoreGraphics and ImageIO.
It also includes a new version of Clam AV, available for Mac OS X Server v10.5.8, to fix multiple code execution flaws in the open-source anti-virus package.
The new Flash Player plug-in fixes nine different vulnerabilities, the most serious of which could lead to computer takeover attacks via rigged Web pages.
Security Update 2009-005 is available from the Software Update pane in System Preferences, or Apple’s Software Downloads web site
