Mac OS X update comes with buggy Flash Player

Apple's security update for Snow Leopard includes an out-of-date version of Flash Player that has 32 flaws, including one being actively exploited by attackers

Apple has released a security update for Mac OS X 10.6, code-named Snow Leopard, fixing 28 critical security issues alongside general operating system bugs.

The Mac OS X version 10.6.4 update, made available for download on Tuesday, included Flash Player as a fix for what Apple described as "multiple issues in the Adobe Flash Player plug-in, the the most serious of which may lead to unauthorised cross-domain requests".

However, Adobe posted a blog on Tuesday noting that this version of Flash Player is outdated and urged Mac users to check they are using the "most secure" version of Flash Player available, version

In an update issued earlier in June, Adobe patched 32 vulnerabilities in Flash Player, including one that was being actively exploited by attackers. The security holes affect the media player's versions and earlier.

The discussion comes amidst an ongoing war of words between Apple and Adobe over over Apple's refusal to support Flash Player on its iPad and iPhone devices. In April, for instance, Steve Jobs outlined his criticisms of the Flash development platform in a blog post.

In addition, this is not the first time Adobe has sent out a warning to users over an Apple update. In September, the company said that an Mac OS X update issued in August was shipping with a superceded version of Flash Player. It also noted that the Apple's update was downgrading people with more recent versions of the player to the earlier edition.

That does not appear to be the case with this week's Apple update, according to Adobe security response programme manager Wendy Poland.

"The Mac OS X v10.6.4 update does not appear to downgrade users who have already upgraded to Adobe Flash Player 10.1," Poland said in the blog post.

Of the 28 bugs in the Snow Leopard update, seven address security issues that could allow a remote attacker to execute malicious code on a user's system, according to Apple. The critical flaws include three in Mac OS X's implementation of the CUPS printing system, three in the Kerberos authentication protocol, one in the iChat instant messaging client and one in Wiki Server.

In addition, the update includes the latest version of the Safari browser, Safari 5, launched on 7 June with a record 48 patches.