Apple ships first OS X 10.5 Leopard security update in a year

Apple ships first OS X 10.5 Leopard security update in a year

No bug fixes for Mac OS X 10.5, but instead issues Flashback scrubber and disables outdated copies of Flash Player

Article comments

Apple has issued its first security-related update for OS X 10.5 Leopard in nearly a year, to disable long-outdated versions of Adobe's Flash Player.

Yesterday's Security Update 2012-003 does not patch any known vulnerabilities, but is instead a Leopard-specific version of what Apple released last week for OS X 10.6, or Snow Leopard, and the newer OS X 10.7, better known as Lion.

Like those updates, 2012-003 for Leopard removes versions of Flash Player older than Adobe issued that edition of Flash in November 2010. It was also the final version Apple delivered to its customers before it stopped maintaining Flash.

Monday's update will not be installed on PowerPC-equipped Macs running Leopard.

On May 9, Apple disabled older copies of Flash Player on Snow Leopard and Lion using an update to Safari 5.1.7. Because that version of Apple's browser doesn't support Leopard, the company instead updated the operating system.

The newest version of Flash Player for Leopard is, which was released earlier this month. That newest version, which requires an Intel processor, can be downloaded from Adobe's website.

Apple also released a version of the Flashback malware removal tool designed for Leopard. Apple had offered the same tool to Snow Leopard and Lion users on April 12.

The Flashback seek-and-destroy tool was Apple's response to a massive campaign that exploited a Java vulnerability to infect hundreds of thousands of Macs.

Apple still maintains Java for users of Snow Leopard and Lion, but last patched the Oracle software for Leopard users in June 2011.

Unlike the Snow Leopard and Lion Flashback removal tool update, the one for Leopard said nothing about automatically disabling the Java plug-in used by browsers such as Safari, Chrome or Firefox.

Security experts and pundits have blasted Apple for its sluggish patching of Java bugs and for dropping support for older operating systems too quickly.

It's unlikely that yesterday's Leopard updates signal a change in Apple's support policy since they do not address any security vulnerabilities that may exist in Leopard.

The updates were the first that Apple has shipped for Leopard since November 2011, when it patched a bug in iTunes 10.5.1. The last operating system security update applicable to OS X 10.5 was delivered in June 2011.


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
* *