Apple smashes patch record with gigantic security update
Latest set of patches from Apple fix 134 flaws in Mac OS X, a whopping 55 in Flash Player alone
Apple on Wednesday patched more than 130 vulnerabilities in Mac OS X, smashing a record the company set last March when it fixed over 90 flaws.
The update for OS X 10.6, aka Snow Leopard, and OS X 10.5, better known as Leopard, was Apple's first since September and the seventh for the year.
Calling the update "huge," Mac vulnerability expert Charlie Miller pointed out that even with a staggering 134 patches, there were plenty of flaws still around.
"Apple releases huge patch, still miss all my bugs," said Miller in a tweet late Wednesday. "Makes you realize how many bugs are in their code, or they're very unlucky."
Security Update 2010-007, offered on its own to Leopard users but combined with non-security changes in version 10.6.5 of Snow Leopard, boasted 46 percent more patches than the biggest to date.
But Apple's patch numbers were inflated by the fixes for a whopping 55 vulnerabilities in Adobe's Flash Player. Unlike other operating system vendors, Apple bundles Flash with its OS and maintains the popular -- and frequently flaw-filled -- media player using its own update mechanism.
Flash patches accounted for 41 percent of the total that Apple issued today.
Unlike the last time when Apple patched Flash in Mac OS X, yesterday's update included all known Flash fixes, including 18 that Adobe shipped just last week.
In June, Adobe criticized Apple for not keeping users up-to-date. "10.6.4 update for Mac OS X includes Flash Player, but not the latest version," said Brad Arkin, Adobe's director of security and privacy, at the time.
Apple has now caught up by dumping patches into yesterday's update that Adobe released in four Flash security events between early June and early November. What's unclear is how long Apple will continue to provide Flash patches to its customers.
Three weeks ago, Apple confirmed that it was ditching Flash -- the new MacBook Air laptop was the first Flash-less system -- but did not say when it would stop fixing Adobe's flaws. Meanwhile, Adobe has promised to add auto-update notification that would tell Mac users when a new version of Flash is available, but it has declined to set a release date for the tool.
Apple and Adobe have been butting heads over Flash since 2007, but the dispute grew hot this year as the two companies traded blows over Flash content on Apple's iOS-powered devices, with CEO Steve Jobs trashing Flash in April and the co-chairs of Adobe's board of directors accusing Apple of undermining the Web in mid-May.
Of the 79 non-Flash patches in Wednesday's massive collection, 16 were related to X11, Apple's implementation of the Unix X Window System; nine affected QuickTime, Apple's own media player; four were in OS X's ImageIO component; and another four resided in Apple Type Services (ATS), the operating system's font renderer.