[Correction: there was a typo below. It was supposed to read "...it appears that the OS X v10.6.4 update does not downgrade users..." Clearly I need to be more careful about proofreading. Many thanks to Wiebke Lips for pointing it out (comment will be approved any moment now).]
Apple security update 2010-004/Mac OS X 10.6.4, just released, includes mitigation for 28 security vulnerabilities, as well as including the latest Safari 5 release. (This in itself addresses 48 security vulnerabilities.) So far, so good: well, maybe I’ll reserve judgement until it finishes downloading on my MacBook, but updates don’t usually cause me hassle.
(See also “Apple Patches Critical Mac OS X Security Flaws” by Ryan Naraine.)
There is a less obvious problem in this case, though. According to an Adobe bulletin, the OS X update includes an earlier version of Adobe Flash Player (version 10.0.45.2) than is available from Adobe.com, which recommends that users stick with the latest “most secure” version of Flash Player (10.1.53.64).
However, unlike a previous occasion, it appears that the OS X v10.6.4 update does not downgrade users who have already upgraded to Adobe Flash Player 10.1.
[Additional comment from Warwick Ashford at Computer Weekly: http://www.computerweekly.com/Articles/2010/06/16/241616/Latest-Mac-OS-X-version-still-needs-Adobe-update.htm]
David Harley CITP FBCS CISSP
Mac Virus Administrator
Small Blue-Green World
AVIEN Chief Operations Officer
Also blogging at: