Apple smashes patch record with gigantic update

Apple on Wednesday patched more than 130 vulnerabilities in Mac OS X, smashing a record the company set last March when it fixed over 90 flaws.

The update for OS X 10.6, a.k.a. Snow Leopard, and OS X 10.5, better known as Leopard, was Apple’s first since September and the seventh for the year.

Calling the update “huge,” Mac vulnerability expert Charlie Miller pointed out that even with a staggering 134 patches, there were plenty of flaws still around.

“Apple releases huge patch, still miss all my bugs,” said Miller in a tweet late Wednesday. “Makes you realize how many bugs are in their code, or they’re very unlucky.”

Security Update 2010-007, offered on its own to Leopard users but combined with nonsecurity changes in Version 10.6.5 of Snow Leopard, boasted 46% more patches than the biggest to date.

But Apple’s patch numbers were inflated by the fixes for a whopping 55 vulnerabilities in Adobe’s Flash Player. Unlike other operating system vendors, Apple bundles Flash with its OS and maintains the popular — and frequently flaw-filled — media player using its own update mechanism.

Flash patches accounted for 41% of the total that Apple issued.

Unlike the last time when Apple patched Flash in Mac OS X, yesterday’s update included all known Flash fixes, including 18 that Adobe shipped just last week.

In June, Adobe criticized Apple for not keeping users up to date. “10.6.4 update for Mac OS X includes Flash Player, but not the latest version,” said Brad Arkin, Adobe’s director of security and privacy, at the time.

Apple has now caught up by dumping patches into yesterday’s update that Adobe released in four Flash security events between early June and early November. What’s unclear is how long Apple will continue to provide Flash patches to its customers.

Three weeks ago, Apple confirmed that it was Apple tackled more than two-dozen nonsecurity issues, many of them stability or reliability problems.

Apple’s practice is to divulge no details of such fixes; instead it offers only terse one-line descriptions. For example, it might say: “Addresses stability and performance of graphics applications and games,” which could conceivably involve scores of changes at the heart of an operating system.

The 10.6.5 upgrade also fixed a problem with some HP printers connected to wireless networks, added support for encrypted transfers of files to Apple’s online storage service, and improved the reliability of connections to Microsoft Exchange servers.

Considering the size of the upgrade — between 240MB and 645MB for the client version of Mac OS X — it’s not surprising that reports of problems have trickled into Apple’s support forum. Several users, for instance, said that they were unable to connect with 802.11n wireless networks after upgrading to 10.6.5.

The most serious problem, however, affected users of PGP’s Whole Disk Encryption software: They reported that their Macs would not boot after the update, forcing them to restore from backups.

According to a message from PGP, users can safely apply the upgrade if they first decrypt the drive.

Mac OS X 10.6.4 and the 2010-007 security update can be downloaded at the Apple site or installed using the operating system’s integrated update service.

Originally published by Computerworld.