Apple blocks older Flash plug-in versions in Safari due to vulnerability

Posted:
in Mac Software edited November 2014
Apple late Thursday issued a security message saying it has blocked old versions of Adobe's Flash Player plug-in for Safari, citing a recent flaw that could potentially allow hackers to harvest browser data like cookies.




As noted in an updated support document regarding the issue, Apple has taken action against a recently discovered Flash vulnerability by restricting plug-in access through its Safari Web browser.

Users with out of date plug-ins will be met with a message saying, "Blocked plug-in," "Flash Security Alert" or "Flash out-of-date" when attempting to access Flash content in Safari. Clicking on the alert takes users to Adobe's Flash installer page, where the latest version of the plug-in can be downloaded and installed.

According to Adobe, the flaw can be found in Flash Player for Mac version 14.0.0.125 and earlier. After a proof-of-concept exploit was demonstrated by Google engineer Michele Spagnuolo, Adobe advised Mac users to update to version 14.0.0.145. Aside from OS X, Windows and Linux builds of Flash were also affected by the bug.

Users who need to run older, flawed versions of Flash may do so by configuring Safari's plug-in management settings to allow specific websites to "Run in Unsafe Mode." Re-enabling older Flash versions requires Safari 6.1 or later.
«13

Comments

  • Reply 1 of 41
    tallest skiltallest skil Posts: 43,388member

    Good. Though haven’t they already been doing this with all older versions?

  • Reply 2 of 41
    solipsismxsolipsismx Posts: 19,566member
    In other news… Many Users Have Been Blocking Adobe Flash Versions 0.0 Thru [SIZE=5]∞[/SIZE].
  • Reply 3 of 41
    I haven't had Flash installed in over 3 years now. In the last 24 months or so I think I have only had an issue where I was promoted to install Flash on a site maybe 3-4 times and all of those times I was able to access the content I needed anyways.

    When are we going to see Flash and the inherited vulnerabilities be something of the past?
  • Reply 4 of 41
    tallest skiltallest skil Posts: 43,388member
    Originally Posted by realjustinlong View Post

    When are we going to see Flash and the inherited vulnerabilities be something of the past?



    When Apple finally buys Adobe and shuts down everything but Photoshop and Illustrator.

     

    “What about Light…”

    Integrated into Photos.

    “What about Prem…”

    Integrated into Final Cut.

    “What about After…”

    Integrated into Motion.

    “What about Audi…”

    Integrated into Logic.

    “What about Dream…”

    It’s terrible. Use Coda.

    “What about InDes…”

    Integrated into Pages. Imagine how great Pages would be with professional layout tools!

  • Reply 5 of 41
    philboogiephilboogie Posts: 7,675member
    I haven't had Flash installed in over 3 years now. In the last 24 months or so I think I have only had an issue where I was promoted to install Flash on a site maybe 3-4 times and all of those times I was able to access the content I needed anyways.

    Same here. And whenever I hit a site that uses Flash that I want to see, like Google Street View, I simply grab my 1st Gen iPad. Love that app from Apple. For regular webpages, irony to the max, I grab my other iPad and the site simply has the content in a different format. YouTube is one of those sites from Google that I think is truly despicable so I don't even go there.
    When are we going to see Flash and the inherited vulnerabilities be something of the past?

    Probably never. There's no reason why different tech can't both be alive. There's stuff Flash can do that HTML5 can't.
  • Reply 6 of 41
    lightknightlightknight Posts: 2,312member
    So looking forward to a prosumer Appladobe CS Suite. Not.

    When Apple finally buys Adobe and shuts down everything but Photoshop and Illustrator.

    “What about Light…”
    Integrated into <span style="line-height:1.4em;">Photos.</span>

    “What about Prem…”
    Integrated into Final Cut.
    “What about After…”
    Integrated into Motion.
    “What about Audi…”
    Integrated into Logic.
    “What about Dream…”
    It’s terrible. Use Coda.
    “What about InDes…”
    Integrated into Pages. Imagine how great Pages would be with professional layout tools!
  • Reply 7 of 41
    lorin schultzlorin schultz Posts: 2,771member
    Quote:

    Originally Posted by Tallest Skil View Post

     
    Originally Posted by realjustinlong View Post

    When are we going to see Flash and the inherited vulnerabilities be something of the past?



    When Apple finally buys Adobe and shuts down everything but Photoshop and Illustrator.

     

    “What about Light…”

    Integrated into Photos.

    “What about Prem…”

    Integrated into Final Cut.

    “What about After…”

    Integrated into Motion.

    “What about Audi…”

    Integrated into Logic.

    “What about Dream…”

    It’s terrible. Use Coda.

    “What about InDes…”

    Integrated into Pages. Imagine how great Pages would be with professional layout tools!


     

    As much as the idea of letting Apple's software lunatics get ahold of tools I depend on scares the crap out of me, I gotta admit I often finding myself wishing for an Apple designed UI when I use them. I'm sure the various procedures and tools make sense to the people who designed them, but DAMN they're confusing to me! I forced my way through a beginner's tutorial for After Effects and marvelled at how utterly impenetrable that app is. It made me wonder if Adobe makes more money on training than software sales.

  • Reply 8 of 41
    cletuscletus Posts: 54member
    Adobe has The Feces Touch.
  • Reply 9 of 41
    applezillaapplezilla Posts: 941member

    What's 'Flash?'

  • Reply 10 of 41
    john.bjohn.b Posts: 2,742member
    Quote:

    Originally Posted by realjustinlong View Post



    I haven't had Flash installed in over 3 years now. In the last 24 months or so I think I have only had an issue where I was promoted to install Flash on a site maybe 3-4 times and all of those times I was able to access the content I needed anyways.



    When are we going to see Flash and the inherited vulnerabilities be something of the past?

     

    Don't I wish!

     

    Although I've completely jettisoned Java, I do unfortunately have to run Flash on occasion.  The answer in this case is to run a Flash blocker so the content doesn't auto run.  Important because a lot of Flash content isn't sourced or controlled from the websites that tend to host it.

  • Reply 11 of 41
    macxpressmacxpress Posts: 5,796member
    Ugh...I hate that Apple does this. I know it's great for consumers and I totally agree with it for them, but for enterprise folks like myself this turns into a nightmare. I wish there was the option to opt out based on serial #. Unless, someone can think of a good solution for doing mass deployment updates of flash. And no, not using flash isn't an option and Apple Remote Desktop sucks now and doesn't work worth a darn. They ruin that program with every update unfortunately. :(
  • Reply 12 of 41
    evilutionevilution Posts: 1,399member

    I tried to live without Flash when I got my new iMac but only lasted a week.

    It was the lack of YouTube that made me give in. Despite them saying that most of their videos run in HTML 5, if you try it, you'll get a Flash pop up.

  • Reply 13 of 41
    tallest skiltallest skil Posts: 43,388member
    Originally Posted by Evilution View Post

    It was the lack of YouTube that made me give in.

     

    There IS no lack of YouTube. There has never BEEN a lack of YouTube. Every single YouTube video will play in a QuickTime window embedded into the page when you don’t have Flash installed.

     

    Use ClickToFlash to force it.

  • Reply 14 of 41
    This happens all the time, for me. If I don't upgrade Flash when prompted a few hours later YouTube will stop working until I upgrade.
  • Reply 15 of 41
    philboogiephilboogie Posts: 7,675member
    <span style="line-height:1.4em;">It was the lack of YouTube that made me give in.</span>

    There IS no lack of YouTube. There has never BEEN a lack of YouTube. Every single YouTube video will play in a QuickTime window embedded into the page when you don’t have Flash installed.

    Use ClickToFlash to force it.

    For Click2Flash he'll need to install Flash first, no? Better to set your user agent to an iPad instead. And that's only the better option, the best is to not use YouTube, although it does cost them money so maybe we should all have a YouTube window running in the background 24/7 lol
  • Reply 16 of 41
    tallest skiltallest skil Posts: 43,388member
    Originally Posted by PhilBoogie View Post

    For Click2Flash he'll need to install Flash first, no?

     

    Of course not. It’s just an extension.

     

    Better to set your user agent to an iPad instead.


     

    Except then you get fed a completely worthless mobile version of the website.

     

    Mental defectives, every single one of them. THE IDEA BEHIND THE IPHONE AND IPAD IS THAT YOU DON’T NEED A “MOBILE WEB” ANYMORE. STOP FORCIBLY REDIRECTING ME TO A MOBILE SITE. STOP MAKING IT IMPOSSIBLE FOR ME TO VIEW THE REAL SITE.

     

    the best is to not use YouTube,


     

    ClickToFlash+AdBlock=no ads on YouTube, anywhere. Combine that with Disconnect, Ghostery, and DoNotTrackMe and Google gets nothing from you.

  • Reply 17 of 41
    ratsgratsg Posts: 53member
    Quote:

    Originally Posted by Tallest Skil View Post

     



    When Apple finally buys Adobe and shuts down everything but Photoshop and Illustrator.

     

    “What about Light…”

    Integrated into Photos.

    “What about Prem…”

    Integrated into Final Cut.

    “What about After…”

    Integrated into Motion.

    “What about Audi…”

    Integrated into Logic.

    “What about Dream…”

    It’s terrible. Use Coda.

    “What about InDes…”

    Integrated into Pages. Imagine how great Pages would be with professional layout tools!




    +1 ................ except for FrameMaker.

     

    FrameMaker 9 & 10 will disappear as if they had never existed.

     

    Adobe coders will be put back to work bringing this software to OS X.

  • Reply 18 of 41
    philboogiephilboogie Posts: 7,675member
    For Click2Flash he'll need to install Flash first, no?

    Of course not. It’s just an extension.
    Better to set your user agent to an iPad instead.

    Except then you get fed a completely worthless mobile version of the website.

    Mental defectives, every single one of them. THE IDEA BEHIND THE IPHONE AND IPAD IS THAT YOU DON’T NEED A “MOBILE WEB” ANYMORE. STOP FORCIBLY REDIRECTING ME TO A MOBILE SITE. STOP MAKING IT IMPOSSIBLE FOR ME TO VIEW THE REAL SITE.
    the best is to not use YouTube,

    ClickToFlash+AdBlock=no ads on YouTube, anywhere. Combine that with Disconnect, Ghostery, and DoNotTrackMe and Google gets nothing from you.

    Indeed, no 'mobile websites' anymore, please. Fine if they 'optimise' the page, but leave the basics intact so the experience is the same on an iPad and a desktop.

    As for blocking Google out, you'll also need to disable 'Fraudulent Sites' the prefs:

    700

    Because I think when ticked on it sends the URL to Google when visiting a site. Correct?
    https://developers.google.com/safe-browsing/
  • Reply 19 of 41
    curtis hannahcurtis hannah Posts: 1,832member
    Of course not. It’s just an extension.

    Except then you get fed a completely worthless mobile version of the website.

    Mental defectives, every single one of them. THE IDEA BEHIND THE IPHONE AND IPAD IS THAT YOU DON’T NEED A “MOBILE WEB” ANYMORE. STOP FORCIBLY REDIRECTING ME TO A MOBILE SITE. STOP MAKING IT IMPOSSIBLE FOR ME TO VIEW THE REAL SITE.

    ClickToFlash+AdBlock=no ads on YouTube, anywhere. Combine that with Disconnect, Ghostery, and DoNotTrackMe and Google gets nothing from you.
    There's a reason IOS 8 has a desktop site option
  • Reply 20 of 41
    gatorguygatorguy Posts: 24,153member
    philboogie wrote: »
    As for blocking Google out, you'll also need to disable 'Fraudulent Sites' the prefs:

    700

    Because I think when ticked on it sends the URL to Google when visiting a site. Correct?
    https://developers.google.com/safe-browsing/

    I don't think I'd do that myself. In the past few months Google has twice warned me of a fraudulent site posing as legit and directed me back to a safe page before any damage could be done. There's such a thing as cutting off your nose to spite your face.
Sign In or Register to comment.