Apple now blocking older Flash Player plug-ins, citing security flaw
NewsPoster
MacNN Staff
Join Date: Jul 2012
Jul 11, 2014, 01:07 AM
 
Following an emergency patch issued by Adobe yesterday for a vulnerability in Flash Player and Adobe AIR that the company deemed "critical" for users to upgrade to, Apple is now blocking all un-upgraded versions of the plug-in in Safari, though the warning dialog will take users to the Flash Installer page where they can obtain the patched version. Users of OS X 10.6 and higher must be running version 14.0.0.145 in order for the Flash plug-in to work normally. Windows and Linux users are also affected by the flaw.



The issue revolves around a bug in Flash that could allow hackers to read data from browsers after users visit popular websites where Flash writes cookie data. The cookies themselves are not compromised, but the website retains the data in a flawed manner that hackers could collect after a user visits, compromising the sites themselves. Among the sites affected were Twitter, Tumblr, eBay, Instagram and many others.

Users who use Google Chrome do not have to manually update the plug-in for that browser, as it is automatically updated. Even if the Flash plug-in is disabled, users should still upgrade to the latest version, as applications that rely on Adobe AIR are also affected by the flaw.

The few remaining pre-Snow Leopard users are advised to check Adobe's Flash page for version 13.0.0.231, which should allow the browser to operate. The more recent v14.x update is available for OS X 10.6 and later, and Windows XP and later. The newest version for Linux is 11.22.202.231, which also contains the emergency patch.

While no known instances of attacks using this vector have been seen "in the wild," Apple and Adobe considered the flaw serious enough to (respectively) block older versions of the plug-in and strongly advise users to upgrade. Adobe has been working with major websites to protect from attacks on the website end, as the flaw could conceivably allow attackers to take control of some sites.

Users with out-of-date Flash plug-ins will be met with a message saying, "Blocked plug-in," "Flash Security Alert" or "Flash out-of-date" when attempting to access Flash content in Safari, notes AppleInsider. The vulnerability was first discovered by Google engineer Michele Spagnuolo, and extends to previous versions of Flash as well (apart from the updated 13.0.0.231 version mentioned earlier).
     
just a poster
Forum Regular
Join Date: Jun 2004
Jul 11, 2014, 02:09 AM
 
I'm sick of corporations hijacking my property and forcing me to upgrade their software or third-party software on my computer. It is intrusive, inconvenient, and coercive. I am not a slave or Adobe or Apple's servant. A one-time warning (per restart) and an easy way to update now or "later" is ok, but disabling functionality is unacceptable.
     
Charles Martin
Mac Elite
Join Date: Aug 2001
Location: Maitland, FL
Jul 11, 2014, 02:51 AM
 
The only reason that this is a "forced upgrade" is that the security problem is SO SEVERE that ***your data*** is at high risk of being stolen. If you want to procrastinate about something like that ... well enjoy the consequences I guess. You can just turn off Flash and curse the darkness if you prefer, you know ...
Charles Martin
MacNN Editor
     
climacs
Senior User
Join Date: Sep 2001
Location: in front of my computer
Jul 11, 2014, 06:36 AM
 
Turning off Flash is a splendid idea and it's not exactly 'cursing the darkness'. It's avoiding a shitshow malware host called Flash.
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Jul 11, 2014, 07:16 AM
 
Originally Posted by just a poster:
I'm sick of corporations hijacking my property and forcing me to upgrade their software or third-party software on my computer. It is intrusive, inconvenient, and coercive. I am not a slave or Adobe or Apple's servant. A one-time warning (per restart) and an easy way to update now or "later" is ok, but disabling functionality is unacceptable.
You *are*, however, the slave and servant of whomever decides to exploit the security hole in your outdated version of Flash.

If you are happier with that situation, then I suggest you lift your skinny fists like antennas to heaven, and start a petition, or something.
     
Inkling
Grizzled Veteran
Join Date: Jul 2006
Location: Seattle
Jul 11, 2014, 09:17 AM
 
Steve Jobs, premier Flash hater, is no longer at the helm and his criticisms don't apply to OS X anyway. It's time for Apple and Adobe to work together and integrate Flash upgrades into the Mac's regular app upgrade process. Having to do it 'on the side' is more trouble than necessary and so much trouble that some of the unskilled don't do it at all.
Author of Untangling Tolkien and Chesterton on War and Peace
     
Grendelmon
Senior User
Join Date: Dec 2007
Location: Too F'ing Cold, USA
Jul 11, 2014, 10:12 AM
 
Originally Posted by Spheric Harlot:
You *are*, however, the slave and servant of whomever decides to exploit the security hole in your outdated version of Flash.

If you are happier with that situation, then I suggest you lift your skinny fists like antennas to heaven, and start a petition, or something.
Just-a-poster absolutely has a legitimate point. But spheric just continues on excusing every asshole thing that Apple does. Nothing new here.
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Jul 11, 2014, 10:38 AM
 
Blocking outdated, unsecure versions of Flash is an "asshole thing"? Are you for real?
     
Grendelmon
Senior User
Join Date: Dec 2007
Location: Too F'ing Cold, USA
Jul 11, 2014, 10:45 AM
 
Originally Posted by Spheric Harlot:
Blocking outdated, unsecure versions of Flash is an "asshole thing"? Are you for real?
Sigh. Of course it's an asshole thing to do. A notice or dialog asking the user if they want to block it is the correct way to handle this. Apple is indeed hijacking third party software. They have no business doing so.
     
Jeronimo2000
Dedicated MacNNer
Join Date: Aug 2001
Jul 11, 2014, 10:49 AM
 
Flash is dead. And deservedly so. Live with it.
     
   