Apple releases patches for 12 flaws

Apple's security team kicked off the year yesterday with an update to fix 12 vulnerabilities in the firm's Snow Leopard and Leopard operating systems, including seven Adobe Flash Player flaws.

The relatively small patch will come as a relief to security administrators, who faced a record Apple security update last November which addressed nearly 60 vulnerabilities.

Contained in the security advisory this time are warnings of multiple flaws in the Adobe Flash Player plug-in, the most serious of which "may lead to arbitrary code execution when viewing a maliciously crafted web site". This flaw could enable a hacker to take control of a compromised PC.

Also featured was a fix for a man-in-the-middle vulnerability in the SSL and TLS protocols. "An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL," read the advisory.

Nine of the 12 flaws may lead to "arbitrary code execution", according to Apple. Although the company does not categorise the severity of its vulnerabilities, unlike Oracle for example, this kind of flaw is likely to be regarded as 'critical' by security administrators.