Snow Leopard: Apple ships old, security-compromised Flash plugin with new OS


It's not that we have anything against the Flash plugin for Mac browsers. Well, other than the fact that it's crashy, and slow, and makes our laptop fans spin up like we're doing wind tunnel testing for the Air Force. But other than that, we have nothing against it -- and it's lovely that the new 64-bit version of Safari in Snow Leopard can isolate Flash-related stalls and hiccups from the main browser process for enhanced crash protection. Very nice.

Unfortunately, as pointed out initially by Graham Cluley over at the security and anti-virus vendor Sophos, the version of the Flash plugin that Apple bundles with Snow Leopard is old. It's the 10.0.23.1 version, old enough that it has some notable vulnerabilities versus the currently shipping 10.0.32.18 version. You can check which version of the plugin you have by visiting this Adobe check page. Even if you had the current build on your machine before upgrading to Snow Leopard, the upgrade process replaces your Flash with the vintage Flash instead -- poor form! Cluley recommends, and Adobe concurs, that the best thing to do is head over to Adobe's download site and get the most up-to-date version instead.

It's understandable that Apple had to lock down a version of the Flash plugin for inclusion in the OS golden master, but if you're gonna do that then you've got to provide an integrated method for users to update to the current build when the time comes (like, say, via an OS-wide Software Update utility). Downgrading user security while upgrading OS versions is a rotten way to run a railroad.
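A scriptable form of the version check discussed above, as an added example that is not part of the original post: it reads the installed plugin's version and compares it field by field against the 10.0.32.18 build the article names as current. The plugin path, the use of `defaults read` on `CFBundleShortVersionString`, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: flag a Flash plugin older than the build the article calls current.
# ASSUMPTIONS (not from the article): the plugin bundle path below and reading
# CFBundleShortVersionString with `defaults read`; set PLUGIN to override the path.
PLUGIN="${PLUGIN:-/Library/Internet Plug-Ins/Flash Player.plugin}"
CURRENT="10.0.32.18"   # "currently shipping" version named in the article

# version_lt A B: exit 0 when dotted version A is strictly older than B.
# Fields are compared as numbers, so 10.0.9.0 sorts before 10.0.32.18
# (a plain string comparison gets that case wrong).
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}          # a missing field counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                          # equal versions are not "older"
}

# plugin_version: print the installed plugin's version, or nothing if absent.
plugin_version() {
    [ -f "$PLUGIN/Contents/Info.plist" ] || return 1
    defaults read "$PLUGIN/Contents/Info" CFBundleShortVersionString 2>/dev/null
}

# check_flash [VERSION]: report on VERSION (default: the installed plugin).
check_flash() {
    v=${1:-$(plugin_version || true)}
    case "$v" in
        "")          echo "not-installed" ;;
        *[!0-9.]*)   echo "unparseable $v" ;;
        *)  if version_lt "$v" "$CURRENT"; then
                echo "outdated $v < $CURRENT"
            else
                echo "ok $v"
            fi ;;
    esac
}

check_flash "$@"
```

Running it again after an OS upgrade catches the case the article describes, where the installer replaces a newer plugin with the bundled older one.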

[Side note, does Cluley's narration in the video above make you wonder if, just maybe, he's moonlighting as Ben 'Yahtzee' Croshaw over at The Escapist? NSFW!]

Thanks to everyone who sent this in.


35 Comments

Mike

I installed 10.0.32.18 on my iMac and now every page with flash crashes the browser, be it Safari or Firefox. I want to go back to the version that shipped with SL. At least that didn't crash my browsers.

September 07 2009 at 9:51 AM
balls

Hrm, sounds nothing like Croshaw.

September 06 2009 at 4:05 AM
Brad Owens

all the more reason why I'm not upgrading to Snow Leopard

http://www.owensdomain.com/2009/09/04/why-im-not-upgrading-to-snow-leopard

September 04 2009 at 4:03 PM
1 reply to Brad Owens's comment
Michael Rose

Brad, it's certainly prudent to wait a few weeks (or months) before upgrading your production machine. That said, basing your performance assessments purely on the benchmarks Chris published means you aren't getting the full story. See Lauren's post from today:

http://www.tuaw.com/2009/09/04/will-snow-leopard-really-make-my-computer-any-faster/

Even before your primary apps are updated to take advantage of 10.6, you'll still see big improvements in startup, shutdown, launch, etc.

September 04 2009 at 11:58 PM
Raphael

Go eat some spotted dick you whinging pom!

September 04 2009 at 12:16 PM
Janichsan

Funny little side note: since upgrading to SL, the only thing that causes me to see the Beachball of Death on a regular basis is the Flash plug-in. So much for quality work.

If it were feasible to go completely without Flash, I'd de-install it in a second. Unfortunately, at the current state of things, that would cut me off from quite a few things on the internet...

September 04 2009 at 10:17 AM
chrome

10.0.23.1 has no vulnerabilities listed at http://www.adobe.com/support/security/#flashplayer

10.0.22.87 and earlier have vulnerabilities listed.

While it's bad that they shipped an out of date plugin, let's analyse this a little; the latest flash plugin was shipped on July 30th ( http://groups.adobe.com/posts/5a95c52acd ) and SL was GM'd in August around the 10th. So Apple had 10 days to repackage the flash plugin for a build of SL that was probably already finalised, and there weren't any outstanding security flaws listed at that time.

Earth shattering? no. Excuse for a good bit of drama mongering? yes.

September 04 2009 at 6:52 AM
3 replies to chrome's comment
KosherSalt

BFD. Upgrade it. 23 seconds. Get over it.

September 04 2009 at 1:49 AM
2 replies to KosherSalt's comment
Rich

How many people won't find out until too late? Stick your BFD where the SDS.

September 04 2009 at 1:34 PM
KosherSalt

There will always be security updates for everything - current version of flash included. Upgrades are how the world of software distribution works - unless of course you live where the "SDS." Basic computer maintenance dude.

September 04 2009 at 2:26 PM
Rob W

Now I need to "go back" to the old Snow Leopard version.

Does anyone know how to do this?

September 03 2009 at 11:48 PM
Raphael

This whole thing smells like a propaganda campaign from Microsoft. No Apple user gives a sh^t about viruses or malware.

September 03 2009 at 8:59 PM
1 reply to Raphael's comment
Rob W

Please do not upgrade your Flash!!

I upgraded this morning after reading this blog, but now both Safari and Firefox are crashing when I try to upload a document to a website.

September 03 2009 at 11:45 PM
julian

THANK YOU!

September 03 2009 at 8:25 PM
© 2012 AOL Inc. All Rights Reserved.