Apple Claims 55 Flash Vulnerabilities Fixed in 10.6.5
Of the 131 security issues noted as resolved by the new Mac OS X 10.6.5 update, more than half are fixes to third-party software, with the overwhelming majority of those having to do with Flash. However, Apple fixed the Flash vulnerabilities simply by upgrading the Flash Player plug-in to the latest version, not by making any changes to Mac OS X itself.
The Knowledgebase article about the update lists 55 security vulnerabilities related to Flash Player, 16 having to do with X11, nine about the QuickTime player, one about Safari, and five about specific features in Mac OS X Server that are not present in the desktop version. Another 45 had to do with components of Mac OS X, including updates to the AFP network protocol providing new validation and error signaling, and a fix to the password server to prevent users from logging in with outdated passwords. CoreText and CoreGraphics have also been tweaked to improve handling of a previously fixed security flaw related to malicious PDF files.
The fact that there were so many identified security issues in the version of Flash Player used in 10.6.4 lends credence to Apple's explanation that MacBook Airs did not ship with the plug-in installed so that users could download the more secure version themselves. Tests of the new lightweight notebook with Flash installed did show much increased battery consumption, though, and some observers felt the omission had more to do with Apple being able to meet its claims of six-hour battery life. Adobe's chief technology officer Kevin Lynch complained of Apple's "negative campaigning" in an interview with Fast Company magazine, and called Apple's rejection of Flash a "blockade of certain types of expression."
Security Update 2010-007 for Mac OS X 10.5 was also released at the same time as Mac OS X 10.6.5, providing many of the same fixes as well as additional patches for Leopard users. The upgrades are available via Software Update, or by direct download from the Apple Support site.