Skip to Content

Apple Updates Mac to OS X 10.6.4

Apple’s Mac OS X is getting an update this week to version 10.6.4, providing users with a long list of security fixes, as well.

From a security perspective, the 10.6.4 release tackles a number of high-priority vulnerabilities including an updated Adobe Flash Player plug-in. Earlier this month, a zero-day security vulnerability had been found in Flash Player. A fix for Windows users became available at the end of last week with the Flash 10.1 release, while Mac users had to wait until Flash’s 10.0.45.2 update, contained in the latest OS X release.

Other flaws tackled in the 10.6.4 update are four flaws in Common Unix Printing System (CUPS), one of the open source software packages used in Apple’s Mac OS X, which has been certified as a Unix operating system since 2007.

Another flaw fixed in 10.6.4 related to the OS X Help Viewer function, which could have potentially been at risk from an arbitrary code execution flaw.

“A cross-site scripting issue exists in Help Viewer’s handling of help: URLs,” Apple said in its advisory. “Visiting a maliciously crafted Website may lead to the execution of JavaScript in the local domain.

The ImageIO image processing system is likewise being fixed for a pair of vulnerabilities: One in its handling of TIFF files while the other is in MPEG2 file-handling. Either one of the flaws could potentially have led to arbitrary code execution on the user’s desktop, Apple said.

Other security vulnerabilities addressed in the OS X update include one in Apple’s iChat instant messaging that could have enabled a remote user to load files to an arbitrary location on a Mac OS X user’s desktop.

Mac OS 10.6.4 will also update Mac users to the new Safari 5 Web browser, which Apple released earlier this month. Safari 5 includes new HTML5 and performance features in addition to providing security fixes.

Unlike Microsoft, which provides users with security updates on the first Tuesday of every month, Apple’s security update schedule isn’t quite monthly. The company released its Mac OS X 10.6.3 update at the end of March, while the Mac OS X 10.6.2 update came out in November 2009. The 10.6 Snow Leopard operating system itself first debuted four months earlier.

Originally published by eSecurityPlanet. Read the original story here

CNET.comQuick Note: Check Flash version after installing Mac OS X 10.6.4
Apparently Apple included an older version of Adobe’s Flash Player plugin with the latest Mac OS X 10.6.4 update. The version Apple supplies is 10.0.45.2, whereas the latest version from Adobe is 10.1.53.64. While most people will not experience much difference in terms of performance, there could be some stability or compatibility differences that a few people may notice. More importantly, the version included with OS 10.6.4 is one that is subject to some recently uncovered (and subsequently patched) security vulnerabilities.

According to a recent ComputerWorld article on the matter, the 10.6.4 update does not appear to downgrade an existing installation of the latest version of Flash, so people who have already updated should be fine; however, be sure to check your browser to see what version you have installed. This can be seen by getting information on the “Flash Player.plugin” file in the /Macintosh HD/Library/Internet Plug-Ins/ folder, or by choosing “Installed Plug-Ins” from the Help menu in Safari and checking the version.

If you are in doubt about what version of Flash you have, you can just run the Flash installer again to ensure your system has the latest version, even if you believe you already have the latest version. This may be good to do, regardless, because of the security holes in the version shipped with OS 10.6.4.

Adobe Flash Download Page