[Correction: there was a typo below. It was supposed to read "...it appears that the OS X v10.6.4 update does not downgrade users..." Clearly I need to be more careful about proofreading. Many thanks to Wiebke Lips for pointing it out (comment will be approved any moment now).]
Apple security update 2010-004/Mac OS X 10.6.4, just released, includes mitigation for 28 security vulnerabilities, as well as including the latest Safari 5 release. (This in itself addresses 48 security vulnerabilities.) So far, so good: well, maybe I’ll reserve judgement until it finishes downloading on my MacBook, but updates don’t usually cause me hassle.
(See also ”Apple Patches Critical Mac OS X Security Flaws” by Ryan Naraine.)
There is a less obvious problem in this case, though. According to an Adobe bulletin, the OS X update includes an earlier version of Adobe Flash Player (version 10.0.45.2) than is available from Adobe.com, which recommends that users stick with the latest “most secure” version of Flash Player (10.1.53.64).
However, unlike a previous occasion, it appears that the OS X v10.6.4 update does not downgrade users who have already upgraded to Adobe Flash Player 10.1.
[Additional comment from Warwick Ashford at Computer Weekly: http://www.computerweekly.com/Articles/2010/06/16/241616/Latest-Mac-OS-X-version-still-needs-Adobe-update.htm]
David Harley CITP FBCS CISSP
Mac Virus Administrator
Small Blue-Green World
AVIEN Chief Operations Officer
Also blogging at:
http://avien.net/blog/
http://smallbluegreenblog.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/
http://dharley.wordpress.com
http://chainmailcheck.wordpress.com
http://amtso.wordpress.com
[...] So I said here: [...]
By: Mac Virus on June 16, 2010
at 18:20
[However, unlike a previous occasion, it appears that the OS X v10.6.4 update downgrade users who have already upgraded to Adobe Flash Player 10.1.]
This should not be the case. In the testing we have conducted on our end, it appears that Mac OS X v10.6.4 update does NOT downgrade users who have already upgraded to Adobe Flash Player 10.1. We still recommend, however, users double-check, just in case. To verify the Adobe Flash Player version number installed on your system (after applying the Mac OS X security update), access the About Flash Player page at http://www.adobe.com/software/flash/about/, or right-click on content running in Flash Player and select “About Adobe Flash Player” from the menu.
If you use multiple browsers, checking on any one browser will verify the update for all browsers on Macintosh systems (on Windows, perform the check for each browser you have installed on your system).
By: Wiebke Lips on June 17, 2010
at 20:46