Apple on Tuesday released Security Update 2010-001, available for Mac OS X 10.6 Snow Leopard, Mac OS X 10.5 Leopard Server and Mac OS X 10.5 Leopard. It’s available for download through the Software Update system preference and from Apple’s Downloads Web site.
Changes in the update include a change to CoreAudio that prevents a buffer overflow in the handling of maliciously-crafted MP4 audio files. CUPS, which is used for printing, closes an exploit that could let a remote attacker cause an unexpected application termination. The Flash Player plug-in has been updated to 10.0.42, correcting “multiple issues…which may lead to arbitrary code execution.” ImageIO and Image Raw both correct issues involving maliciously crafted images, and OpenSSL has also been patched.
Apple recommends the updates for all users.