Apple plugs 33 Mac OS X security holes, updates Flash on Leopard

Apple today shipped another Mac OS X mega-update with fixes for at least 33 serious security problems affecting Mac OS X users.

The update includes patches for third party components like Adobe's Flash Player plug-in, Clam AV, MySQL and PHP.  A separate update was released for Snow Leopard to fix the issue where a vulnerable version of Flash Player was included with the new operating system.

[ SEE: Snow Leopard ships with vulnerable Flash Player ]

The Security Update 2009-005 fixes several "arbitrary code execution" vulnerabilities that can be exploited if a user is tricked into opening certain file types.

Among the components with serious security defects are Alias Manager, CarbonCore, ColorSync, CoreGraphics and ImageIO.

It also includes a new version of Clam AV, available for Mac OS X Server v10.5.8, to fix multiple code execution flaws in the open-source anti-virus package.

The new Flash Player plug-in fixes nine different vulnerabilities, the most serious of which could lead to computer takeover attacks via rigged Web pages.

Security Update 2009-005 is available from the Software Update pane in System Preferences, or Apple's Software Downloads web site.