Apple on Tuesday patched 12 vulnerabilities in Leopard and Snow Leopard, including seven in Adobe Flash Player and one in the protocol used to secure Internet traffic.\n\nSecurity update 2010-001 is the first from Apple this year, and noticeably smaller than the monster issued last November that fixed almost 60 flaws.\n\nThe seven fixes for Flash Player, Apple's first update to the popular media player since last September, brought the program up to version 10.0.42.34, the same edition that Adobe shipped on Dec. 8, 2009, for Windows and Linux. Adobe tagged six of the seven vulnerabilities as critical in its own security advisory last month.\n\nBecause Apple bundles Flash Player with Mac OS X, it regularly distributes patches for the Adobe software, at times months after the latter has shipped patches. The six-week gap between Adobe's issuing fixes and Apple delivering them this time was similar to the time it took Apple to update Flash in the summer of 2009.\n\nAltogether, nine of the 12 bugs were accompanied by the phrase "may lead to arbitrary code execution," Apple's way of saying that a flaw is critical and can be used by attackers to hijack a Mac. Apple does not assign ratings or severity scores to the bugs it patches, unlike other major software makers, such as Microsoft and Oracle.\n\nOther than the patches for Flash Player, the most notable fix in the batch was for a flaw in the SSL (secure socket layer) and TLS (transport socket layer) protocols that, if exploited, could let attackers capture or change data that was supposedly protected as it moved between browsers and servers.\n\nThe man-in-the-middle vulnerability was discovered in August 2009 by Marsh Ray and Steve Dispensa, a pair of security analysts with PhoneFactor, an Overland Park, Kansas-based maker of two-factor authentication services and software. Ray and Dispensa met with representatives of several companies, including Cisco, IBM, Intel, Microsoft and Nokia, last September to work out ways to patch the underlying SSL libraries, but then had to rapidly switch gears when information was independently revealed on a mailing list Nov. 4.\n\nOther vendors, including Microsoft and Cisco, have not yet patched the SSL vulnerability in their software; both, however, are testing fixes, according to PhoneFactor.\n\nSecurity researchers last year said that the bug could have been used to hack Twitter accounts, as well as steal data from other Web sites.\n\nThe security update for Leopard and Snow Leopard can be downloaded from the Apple site or installed using Mac OS X's integrated update service. No patches are available for Mac OS X 10.4, aka Tiger, the 2005 operating system that Apple has retired from support.