|
|
Apple now blocking older Flash Player plug-ins, citing security flaw
|
|
|
|
MacNN Staff
Join Date: Jul 2012
Status:
Offline
|
|
Following an emergency patch issued by Adobe yesterday for a vulnerability in Flash Player and Adobe AIR that the company deemed "critical" for users to upgrade to, Apple is now blocking all un-upgraded versions of the plug-in in Safari, though the warning dialog will take users to the Flash Installer page where they can obtain the patched version. Users of OS X 10.6 and higher must be running version 14.0.0.145 in order for the Flash plug-in to work normally. Windows and Linux users are also affected by the flaw.
The issue revolves around a bug in Flash that could allow hackers to read data from browsers after users visit popular websites where Flash writes cookie data. The cookies themselves are not compromised, but the website retains the data in a flawed manner that hackers could collect after a user visits, compromising the sites themselves. Among the sites affected were Twitter, Tumblr, eBay, Instagram and many others.
Users who use Google Chrome do not have to manually update the plug-in for that browser, as it is automatically updated. Even if the Flash plug-in is disabled, users should still upgrade to the latest version, as applications that rely on Adobe AIR are also affected by the flaw.
The few remaining pre-Snow Leopard users are advised to check Adobe's Flash page for version 13.0.0.231, which should allow the browser to operate. The more recent v14.x update is available for OS X 10.6 and later, and Windows XP and later. The newest version for Linux is 11.22.202.231, which also contains the emergency patch.
While no known instances of attacks using this vector have been seen "in the wild," Apple and Adobe considered the flaw serious enough to (respectively) block older versions of the plug-in and strongly advise users to upgrade. Adobe has been working with major websites to protect from attacks on the website end, as the flaw could conceivably allow attackers to take control of some sites.
Users with out-of-date Flash plug-ins will be met with a message saying, "Blocked plug-in," "Flash Security Alert" or "Flash out-of-date" when attempting to access Flash content in Safari, notes AppleInsider. The vulnerability was first discovered by Google engineer Michele Spagnuolo, and extends to previous versions of Flash as well (apart from the updated 13.0.0.231 version mentioned earlier).
|
|
|
|
|
|
|
|
|
Forum Regular
Join Date: Jun 2004
Status:
Offline
|
|
I'm sick of corporations hijacking my property and forcing me to upgrade their software or third-party software on my computer. It is intrusive, inconvenient, and coercive. I am not a slave or Adobe or Apple's servant. A one-time warning (per restart) and an easy way to update now or "later" is ok, but disabling functionality is unacceptable.
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Aug 2001
Location: Maitland, FL
Status:
Offline
|
|
The only reason that this is a "forced upgrade" is that the security problem is SO SEVERE that ***your data*** is at high risk of being stolen. If you want to procrastinate about something like that ... well enjoy the consequences I guess. You can just turn off Flash and curse the darkness if you prefer, you know ...
|
Charles Martin
MacNN Editor
|
|
|
|
|
|
|
|
Senior User
Join Date: Sep 2001
Location: in front of my computer
Status:
Offline
|
|
turning off Flash is a splendid idea and it's not exactly 'cursing the darkness'. It's avoiding a shitshow malware host called Flash.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status:
Offline
|
|
Originally Posted by just a poster
I'm sick of corporations hijacking my property and forcing me to upgrade their software or third-party software on my computer. It is intrusive, inconvenient, and coercive. I am not a slave or Adobe or Apple's servant. A one-time warning (per restart) and an easy way to update now or "later" is ok, but disabling functionality is unacceptable.
You *are*, however, the slave and servant of whomever decides to exploit the security hole in your outdated version of Flash.
If you are happier with that situation, then I suggest you lift your skinny fists like antennas to heaven, and start a petition, or something.
|
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Jul 2006
Location: Seattle
Status:
Offline
|
|
Steve Jobs, premier Flash hater, is no longer at the helm and his criticisms don't apply to OS X anyway. It's time for Apple and Adobe to work together and integrate Flash upgrades into the Mac's regular app upgrade process. Having to do it 'on the side' is more trouble than necessary and so much trouble that some of the unskilled don't do it at all.
|
Author of Untangling Tolkien and Chesterton on War and Peace
|
|
|
|
|
|
|
|
Senior User
Join Date: Dec 2007
Location: Too F'ing Cold, USA
Status:
Offline
|
|
Originally Posted by Spheric Harlot
You *are*, however, the slave and servant of whomever decides to exploit the security hole in your outdated version of Flash.
If you are happier with that situation, then I suggest you lift your skinny fists like antennas to heaven, and start a petition, or something.
Just-a-poster absolutely has a legitimate point. But spheric just continues on excusing every asshole thing that Apple does. Nothing new here.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status:
Offline
|
|
Blocking outdated, unsecure versions of Flash is an "asshole thing"? Are you for real?
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Dec 2007
Location: Too F'ing Cold, USA
Status:
Offline
|
|
Originally Posted by Spheric Harlot
Blocking outdated, unsecure versions of Flash is an "asshole thing"? Are you for real?
Sigh. Of course it's an asshole thing to do. A notice or dialog asking the user if they want to block it is the correct way to handle this. Apple is indeed hijacking third party software. They have no business doing so.
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Aug 2001
Status:
Offline
|
|
Flash is dead. And deservedly so. Live with it.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|