Included in the update are a number of patches, including a buffer overflow for the CoreAudio system that could let a maliciously crafted MP4 audio file execute arbitrary code, a hole in the CUPS printing system where a remote attacker could cause the system to terminate, flaws in the ImageIO and Image RAW software that could let maliciously crafted image files execute arbitrary code, and a patch for the OpenSSL network encryption system that could allow a third-party to capture encrypted data.
Security Update 2010-001 also contains the most recent version of Adobe’s Flash Player plug-in, 10.0.42, which fixes numerous vulnerabilities, among them one that could lead to arbitrary code execution as a result of viewing a maliciously crafted Website.
The updates weigh in at 21.9MB for Snow Leopard, 159.58MB for Leopard client, and 248.11 MB for Leopard server, though the size may vary from computer to computer. They are available through Software Update or via Apple’s Support downloads page.
Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read ouraffiliate link policyfor more details.