Apple's Snow Leopard upgrades Mac OS X, downgrades Flash

[AppleInsider]

While Snow Leopard makes a number of improvements to Apple's Mac OS X machines, for those who have kept Adobe Flash up to date, installing the new operating system will reportedly downgrade the software.

According to antivirus company Sophos, Snow Leopard installs version 10.0.23.1 of Flash for Mac, a security downgrade from the most up-to-date version, 10.0.32.18. Senior Technology Consultant Graham Cluley said the change is made without prompting the user. He called the move "pretty bad."

"I realize how much malware is out there," he said. "But after upgrading to Snow Leopard, when I went to Adobe's Web site, what it actually told me was I had actually downgraded. I was no longer running the latest version of Adobe Flash."

As hackers have targeted Adobe's Flash player for browser-based vulnerabilities, the company has responded, like Microsoft, by releasing regular security updates for its software. Users can check what version number they're running and download updates at Adobe's Web site.

"Mac users who have been diligent enough to keep their security up-to-date do not deserve to be silently downgraded," Cluley said. "We know that hackers keep finding security holes in Adobe's code - and that's deeply concerning because it is so widely used by many Internet users, whether on Mac or PC."

In an effort to beef up security protection, Apple included limited malware protection in its latest operating system. Though the feature only scans files for two Trojans out of the box, the basic defender could be upgraded over time to protect against other potential threats.

[ View this article at AppleInsider.com ]

[al_bundy]

so just upgrade? i'm running Windows 7 RTM and there are some updates for it as well like spam software updates. no one can keep up with constant point updates to software

[daviblak3]

Quote:

Originally Posted by AppleInsider

While Snow Leopard makes a number of improvements to Apple's Mac OS X machines, for those who have kept Adobe Flash up to date, installing the new operating system will reportedly downgrade the software.

According to antivirus company Sophos, Snow Leopard installs version 10.0.23.1 of Flash for Mac, a security downgrade from the most up-to-date version, 10.0.31.18. Senior Technology Consultant Graham Cluley said the change is made without prompting the user. He called the move "pretty bad."

"I realize how much malware is out there," he said. "But after upgrading to Snow Leopard, when I went to Adobe's Web site, what it actually told me was I had actually downgraded. I was no longer running the latest version of Adobe Flash."

As hackers have targeted Adobe's Flash player for browser-based vulnerabilities, the company has responded, like Microsoft, by releasing regular security updates for its software. Users can check what version number they're running and download updates at Adobe's Web site.

"Mac users who have been diligent enough to keep their security up-to-date do not deserve to be silently downgraded," Cluley said. "We know that hackers keep finding security holes in Adobe's code - and that's deeply concerning because it is so widely used by many Internet users, whether on Mac or PC."

In an effort to beef up security protection, Apple included limited malware protection in its latest operating system. Though the feature only scans files for two Trojans out of the box, the basic defender could be upgraded over time to protect against other potential threats.

But you forgot the apple has sand-boxed all plugins in Safari for snow leopard so that eliminates the vulnerabilities that recent hackers have been finding in Flash

[thespaz]

*Yawn*

Way to make a big deal over nothing. Apple's not perfect. Just download the new version and forget about it.

[themoonisdown09]

I wonder why Snow Leopard downgrades the Flash player? What's the reason behind it? There actually could be no reason and it's just a mistake.

[abrooks]

Surely the newer version was released after Apple sent Snow Leopard to GM and had the ROMs mastered? If that is the case what do you expect Apple to do, send you a separate disc with a Flash installer on?

Get a grip.

[Quadra 610]

So just upgrade it.

Big deal.

Graham Cluley is a British computer programmer and 'Senior Technology Consultant ' at Sophos. So some antivirus outfit is rendering their opinion on the matter. Time to tune out.

[BenRoethig]

Quote:

Originally Posted by abrooks

Surely the newer version was released after Apple sent Snow Leopard to GM and had the ROMs mastered? If that is the case what do you expect Apple to do, send you a separate disc with a Flash installer on?

Get a grip.

Plus the first thing you should do anyway after you update your OS is look for third party updates.

[JackMoxley]

I had the latest version of flash for 10.5 and it was worse than bad, after it had 5 attempts to connect to the internet, it refused to connect again till the browser was restarted, terrible for multi-user applications.

IMHO the downgrade was a must, I didn't know they had done it, and I am actually incredibly grateful.

[Oh-es-Ten]

To be honest, the biggest downgrade for me was in Flash performance... Now that it has spun off to a different process in SL, you can see how much of a CPU hog it really is - and how efficient Safari actually is!

My laptop was running super hot and sucking down battery on SL, and the flash plugin was the culprit.. Weird as it did not behave like that in 10.5 - however I have installed Click2Flash - and that is a fantastic little extension (and fully compliant as a Safari Plugin under 10.6).. Machine runs great now, and I am not bombarded with stupid flash ads! Web browsing is super smooth now... I really recommend it...

[Takeo]

The best Flash upgrade is to disable Flash completely.

[fishstick_kitty]

re-upgrade it then...done, done, on to the next one

[nite41]

As far as I remember, the latest version of Flash Player was released in the first week of August. And since 10.6 was released on 28th of August, I do not think Apple had enough time to upgrade to the latest version. Could be a reason?

[jetset]

Quote:

Originally Posted by Takeo

The best Flash upgrade is to disable Flash completely.

Exactly. Turn it off. TURN IT OFF!
Goodbye annoying banner ads....

is that a GIF? sunnnovab....

[JeffDM]

Quote:

Originally Posted by nite41

As far as I remember, the latest version of Flash Player was released in the first week of August. And since 10.6 was released on 28th of August, I do not think Apple had enough time to upgrade to the latest version. Could be a reason?

I think it's the most likely reason, the installer clobbered the new one with the one included with the OS. The one on the disc was probably tested pretty reasonably well to at least be compatible.

Quote:

Originally Posted by jetset

Exactly. Turn it off. TURN IT OFF!
Goodbye annoying banner ads....

is that a GIF? sunnnovab....

I can't completely live without Flash, not happy to have to use it, but thankfully there are plenty of plug-ins available to allow selective flash execution. I don't know about the Safari ones, but FlashBlock for Firefox allows site whitelisting too.

[vandil]

ClickToFlash is your friend.

[akf2000]

fucsakes, if the biggest problem in your life is a lower version of Flash then you should be on your knees giving thanks.

[jrg_uk]

Quote:

Originally Posted by Quadra 610

Graham Cluley is a British computer programmer and 'Senior Technology Consultant ' at Sophos.

he's actually in their marketing dept, as I understand it.

[dagamer34]

Flash is never gonna go 64-bit, is it? =/

[aiolos]

Wow, way to make a big deal out of nothing. Holy crap, my 10.0.xx.xx was downgraded to 10.0.xx.x. Holy crap! The third section of the version number changed!

I mean, get real. The security updates between those two versions were probably minimal anyway, or it would have been enough reason to make it a 10.1.xx.xx. Besides, Apple had already GM-ed SL before the newest version was released in all likeliness. So you have to go and upgrade, BFD. As another poster said, you should upgrade all third-party apps after installing a new OS anyway...

[Rokken]

I am a happier man after installing ClicktoFlash, so big deal.

[Zoolook]

Why doesn't flash upgrade automatically?

[Vanka]

I'm not sure how responsible this article is....is there a possible reason why apple didn't include this latest update? Remember, Safari is not an extension of Flash...Flash is an extension/plugin of Safari.

I just followed the instructions on this article and upgraded but now I can print from Safari???? I can still print from Firefox but now Safari is acting up....it just froze as I tried to print this page so I had to open up in Firefox. This is very frustrating because I know just yesterday I had printed 4 pages in Safari and now suddenly it doesn't work seconds after upgrading my flash.

Is there a possible connection??? Geez....this is frustrating...how do I downgrade my flash??

[Dlux]

So he admits that Flash has "a raft of potential attacks and exploits". Why is this not the big story, instead of an entirely routine consequence of installing software from a pressed disc?

Man hitting self with hammer: "Doctor, it hurts when I do this."

Doctor: "Then don't do that."

When will we stop hitting ourself with the Flash Hammer and shove Adobe into the corner with a dunce hat?

[christopher126]

I like the idea of turning Flash off completely, how does one do that?

[roehlstation]

Adobe releases an update after Snow Leopard goes Gold Master, therefore that version does not make it onto the disk. No different than when you buy a printer and the driver on that disk is older than what is online.

[ghostface147]

Safari and Flash seem to be crash happy on my installation of SL. I didn't have these problems until 10A421a. I guess they never really improved it in 10A432. Are people really sure they want Flash on their iPhones? I certainly don't.

[desarc]

IF windows shipped with itunes, and IF windows 7 shipped with itunes 8 [after 9 is released]this forum would be screaming bloody murder for MS trying to cripple the competition, regardless of release dates. so much for being objective.

[anantksundaram]

Quote:

Originally Posted by desarc

IF windows shipped with itunes, and IF windows 7 shipped with itunes 8 [after 9 is released]this forum would be screaming bloody murder for MS trying to cripple the competition, regardless of release dates. so much for being objective.

That's silly (and defensive-sounding on your part). As one of the posters has pointed out, it depends on when the update was released relative to when the OS was released.

[anantksundaram]

Quote:

Originally Posted by ghostface147

Safari and Flash seem to be crash happy ......

Ah, now I know what 'crappy' stands for in computer lingo.......

[Gazoobee]

Quote:

Originally Posted by desarc

IF windows shipped with itunes, and IF windows 7 shipped with itunes 8 [after 9 is released]this forum would be screaming bloody murder for MS trying to cripple the competition, regardless of release dates. so much for being objective.

This is a completely over the top comparison. Shipping Safari with the second newest update on a browser plug-in is nowhere near the same thing as shipping Windows 7 with an old version of the leading media software.

The only reason that shipping Safari with less than the most recent third party plug-ins would even be important is if there was a dangerous bug or hacker pathway in the version they shipped that was plugged by the later version. Since this anti-virus salesman (who is rather obviously beating his own drum BTW), doesn't mention anything of the sort, this is clearly a total non-issue.

Flash is a third party plug-in after all. Apple is not responsible for shipping anything for Adobe.

You also have to consider that Adobe takes every single opportunity to screw Apple over and has for years. So the first time Apple doesn't ship the very latest of their plug-ins, they are taken to task over it? This is just more of that "Apple is evil" meme that's been floating around. It has nothing to do with the facts.

[chromos]

Quote:

Originally Posted by christopher126

I like the idea of turning Flash off completely, how does one do that?

As people have mentioned, ClickToFlash. It's fantastic.

[MacSuperiority]

WOW!

If you havent upgraded to the lastest version, DO NOT DO IT. I upgraded after a Firefox update alerted me to the new flash version and now both Safari and Firefox both crash extremely often. It's not even usable. Looks like Apple did a smart thing here.

[htoelle]

To quote someone else Big Deal. Get real and take some responsibility for yourself.
The best way to avoid malware is to not put yourself into where it will effect you. Usually works.

[Erunno]

Quote:

Originally Posted by MacSuperiority

WOW!

If you havent upgraded to the lastest version, DO NOT DO IT. I upgraded after a Firefox update alerted me to the new flash version and now both Safari and Firefox both crash extremely often. It's not even usable. Looks like Apple did a smart thing here.

You do not know what you are talking about. Flash can't possibly crash Safari anymore since it runs in its own process starting with 10.6. Plus, stating that Apple did the right thing by exposing the users to what Adobe considers itself critical security bugs borders on lunacy.

[Erunno]

Quote:

Originally Posted by Gazoobee

Flash is a third party plug-in after all. Apple is not responsible for shipping anything for Adobe.

But Apple ships and installs it by default so they have at least the responsibility to keep their users on the newest version if they can't fix problems by themselves. Judging by that logic Apple wouldn't also be responsible for all the third party open source stuff which ships with OS X.

[Abster2core]

Quote:

Originally Posted by chromos

As people have mentioned, ClickToFlash. It's fantastic.

Here is Macworld's review back in February: http://www.macworld.com/article/1387...hprospect.html

Obviously it has been improved.

Any other reviews would be helpful

[Erunno]

Quote:

Originally Posted by christopher126

I like the idea of turning Flash off completely, how does one do that?

Safari -> Preferences -> Security -> Activate plug-ins (or similar, I'm running a non-english version). Do yourself a favor and use ClickToFlash instead.

[Erunno]

Quote:

Originally Posted by roehlstation

Adobe releases an update after Snow Leopard goes Gold Master, therefore that version does not make it onto the disk. No different than when you buy a printer and the driver on that disk is older than what is online.

Well, it could at least check whether the installed version is higher than the one on the installation disk.

[Erunno]

Quote:

Originally Posted by dagamer34

Flash is never gonna go 64-bit, is it? =/

Adobe has been testing a 64 Bit version of Flash on Linux for some time now. [1] Don't know what happened since then and if there are concrete efforts to port the 64 Bit version to Windows and OS X underway.

[1] http://arstechnica.com/open-source/n...inux-alpha.ars