Huh? How does Apple get a security update in its own software too late for GM?
Apple handles the SDL for its own security flaws internally. It tends to know where it stands with them. Apple cannot say the same thing about Flash; Adobe (as a simple matter of course) may have tens of queued vulnerabilities, with some arbitrary subset of them having actual fixes in the pipe. That's the nature of software security on large projects.
Apple can't wash its hands of Snow Leopard vulnerabilities, but it essentially can do that for 3rd party software like Flash.
Apple has responsibility over the GNU code they ship. They had responsibility over the Flash code they shipped. By not shipping Flash, they no longer need to take responsibility for it. That makes sense. Apple never should have been responsible for Flash. Flash is a huge project, and Apple is not in the loop on Flash security updates.
Apple handles the SDL for its own security flaws internally. It tends to know where it stands with them. Apple cannot say the same thing about Flash; Adobe (as a simple matter of course) may have tens of queued vulnerabilities, with some arbitrary subset of them having actual fixes in the pipe. That's the nature of software security on large projects.
Apple can't wash its hands of Snow Leopard vulnerabilities, but it essentially can do that for 3rd party software like Flash.