Apple Security Update 2010-001
In an effort not to be left out, Apple has released Security Update 2010-001 which patches a dozen vulnerabilities in CoreAudio (code execution via crafted MP4), CUPS (remote DoS), Flash Player Plug-in (multiple including arbitrary code execution), ImageIO (code execution via crafted TIFF file), Image Raw (code execution via crafted DNG image), and OpenSSL (the renegotiation exploit). Details can be found here: http://support.apple.com/kb/HT4004Mac OS X dirty dozen: Apple plugs critical security holes | Zero Day | ZDNet.com
Apple’s first Mac OS X security update for 2010 is out, providing cover for at least 12 serious vulnerabilities.
The update, rated critical, plugs security holes that could lead to code execution vulnerabilities if a Mac user is tricked into opening audio files or surfing to a rigged Web site.
With Security Update 2010-001, Apple also fixes flaws in the Adobe Flash Player plug-in that ships with the operating system.