
Adobe Flash contributes largest number of security patches in Apple's Mac OS X 10.5.6

post #1 of 26
Thread Starter 
Apple has detailed the security issues patched by Mac OS X 10.6.5 and the corresponding Security Update 2010-007 for Mac OS X 10.5, indicating that more than half of the security vulnerabilities in Mac OS X actually affect the Adobe Flash plugin and X11.

Of the 131 security vulnerabilities identified and patched by the latest Mac OS X update (cataloged by their public Common Vulnerabilities and Exposures or CVE ID), 16 are related to X11, an optional install which enables Mac OS X to run apps designed for the Unix X Window specification. Another five are related to features in Mac OS X Server that are missing in the desktop version.

Nine more affect Apple's own QuickTime, one is related to the Mac OS X kernel, one affected Safari, and another 45 were found in various other code, including some that is proprietary to Apple (such as its AFP file server, CoreGraphics and CoreText) and some that is incorporated by Apple from open source projects into its operating system (including the Apache web server, CUPS printing, OpenLDAP, Python, and PHP).

However, the most security vulnerabilities by far are associated with the Adobe Flash plugin, with a whopping 55 issues listed, the "most serious of which may lead to arbitrary code execution," Apple reports in its Apple Product Security update.

This leaves little reason for wondering why Apple has worked to shed all third party platform code from its mobile iOS, including Java and Flash (and of course, X11).



Security, battery issues unfortunate for Adobe

The security issues related to Flash are in fact the stated reason why Apple is backing away from bundling the plugin with its new computers. Apple began shipping the MacBook Air without Flash installed, noting that customers could install the plugin on their own to ensure they had the latest, most secure version.

However, testing indicates that in normal operation, Flash can also consume dramatic amounts of battery life just to animate web ads in the background, resulting in as much as two hours of lost productivity on a single charge.

After that fact was publicized, Adobe's CTO Kevin Lynch lashed out at Apple, saying in an interview, "I just think there's this negative campaigning going on, and, for whatever reason, Apple is really choosing to incite it, and condone it."

Lynch characterized Apple's exclusive support for HTML5 for displaying dynamic web content on iOS devices as "unfortunate" and "a blockade of certain types of expression," but also noted, "we support [standard based web development using] HTML. We're making tools for HTML5. It's a great opportunity for us."
post #2 of 26
The proof of the pudding is in the eating.

The proof of the bugging is in the patching.
post #3 of 26
I think I see AppleInsider's game. I'm not biting this bait

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
post #4 of 26
Quote:
Originally Posted by Suddenly Newton View Post

I think I see AppleInsider's game. I'm not biting this bait

Funnily enough, that's exactly what I was thinking about. By tomorrow morning, hundreds would have been baited. Let the comments begin. I am expecting a torrent of "... sucks" (Android, WP7, RIM, food, water, anything not made by Apple).
post #5 of 26
How exactly does Apple patch flaws in Flash? Do they just find vulnerabilities that Flash has exposed in their own OS and fix them? Or is that supposed to be Adobe's job?

Life is too short to drink bad coffee.

post #6 of 26
From everything I've read I'm with Apple on this. I find Flash sites slow and clunky...just look at Nike's site! Uggh!

I think Adobe is backing the wrong horse!

Best
post #7 of 26
Quote:
Originally Posted by bongo View Post

Funnily enough, that's exactly what I was thinking about. By tomorrow morning, hundreds would have been baited. Let the comments begin. I am expecting a torrent of "... sucks" (Android, WP7, RIM, food, water, anything not made by Apple).

Well, it is AppleInsider, no? But is there any rational person out there that doesn't think that the iPod, iPhone and iPad are not serious game changers? Not to mention OSX, iMacs, MBP's and MBA's. Adobe just has not kept up. Complacency in business, especially Tech, is something very difficult to overcome... Just ask Gateway, Palm and Compaq.

Really, you only have two choices, "lash out" or roll up your sleeves and do what you should have done 3 years ago. I have no sympathy for Adobe.

Best
post #8 of 26
Quote:
Originally Posted by mstone View Post

How exactly does Apple patch flaws in Flash? Do they just find vulnerabilities that Flash has exposed in their own OS and fix them? Or is that supposed to be Adobe's job?

Apple just included Adobe's latest version of Flash in their update. There were 55 vulnerabilities fixed since the last version of Flash that Apple had included in their updates. These were spread across many minor versions of Flash. This site is like the Fox News of tech reporting.
post #9 of 26
Quote:
Originally Posted by mstone View Post

How exactly does Apple patch flaws in Flash? Do they just find vulnerabilities that Flash has exposed in their own OS and fix them? Or is that supposed to be Adobe's job?

Well, think of it this way.

You have a primitive submarine that you want to be waterproof.

However, you quickly find out you need a pipe coming into the sub for air. So you run a pipe from inside of the sub through the hull and up above the surface. Now you have your air.

However, you find out that harmful water can potentially get into the sub through the air-pipe. So you decide to make a watertight room INSIDE the sub, to be able to isolate it from critical parts of the sub. But you need air to some of the critical parts, so you allow holes in the wall of the watertight room so air can get to other parts of the sub, but you try to make these so that only air gets through and stops water.

Then Adobe comes along and needs their air from the "watertight room", so they punch a square hole in the wall and run a round pipe through it, which they have permission to do since you "authorized" the installation.

So, since you have control of the important rooms in the sub, you have to either build a new little room around the leaking pipe Adobe installed, to make sure their poorly made pipe doesn't allow water where it shouldn't be.

- I'm probably totally wrong here... but oh well... it was fun.
post #10 of 26
Quote:
Originally Posted by IQ78 View Post

Well, think of it this way.

You have a primitive submarine that you want to be waterproof.

However, you quickly find out you need a pipe coming into the sub for air. So you run a pipe from inside of the sub through the hull and up above the surface. Now you have your air.

However, you find out that harmful water can potentially get into the sub through the air-pipe. So you decide to make a watertight room INSIDE the sub, to be able to isolate it from critical parts of the sub. But you need air to some of the critical parts, so you allow holes in the wall of the watertight room so air can get to other parts of the sub, but you try to make these so that only air gets through and stops water.

Then Adobe comes along and needs their air from the "watertight room", so they punch a square hole in the wall and run a round pipe through it, which they have permission to do since you "authorized" the installation.

So, since you have control of the important rooms in the sub, you have to either build a new little room around the leaking pipe Adobe installed, to make sure their poorly made pipe doesn't allow water where it shouldn't be.

- I'm probably totally wrong here... but oh well... it was fun.

That sounds about right. Would explain other updates that Apple has pushed to fix problems with Adobe software. In fact, it occurs to me now that the only third-party software you ever see fixes for in Apple's updates is Adobe, meaning either Apple really loves Adobe so much to do fixes for them, or Adobe's software is so bad yet so widespread that Apple fixes the holes they cause but refuse to fix just to keep things running more smoothly.
post #11 of 26
I still have this feeling that Microsoft will kick Adobe's ass in the near future. Apple cannot, it has already battled on too many fronts.
Adobe could be the BEST software house on this planet. But strangely Adobe behaves as if Microsoft is full of dumbs.
post #12 of 26
Quote:
Originally Posted by dazweeja View Post

...across many minor versions of Flash. This site is like the Fox News of tech reporting.

Meaning it's just right?
post #13 of 26
I'm not a programmer or anything, but I noticed that every time I run Disk Utility and repair permissions, almost every line of feedback notes that permissions have to be changed in relation to Java. Same thing after installing the latest OSX update.

What, if anything, does this say about the code? Just curious.
post #14 of 26
Oh God. Adobe is installing Windows XP on all of our Macs. Revolt!
post #15 of 26

deleted


Edited by MacRulez - 5/4/12 at 12:40pm
post #16 of 26
So Apple *is* providing the latest and greatest Flash for end users on Snow Leopard. I thought they "hated it, was waging a war on Flash, condoning further Flash-bashing" etc. etc.

But yeah, very Foxy Newsy of AI with this article.

Remember, if you can't explain it, it's Terrorists. Or Obama. Or both.
post #17 of 26
Bonus points for trying.

Quote:
Originally Posted by IQ78 View Post

Well, think of it this way.

You have a primitive submarine that you want to be waterproof.

However, you quickly find out you need a pipe coming into the sub for air. So you run a pipe from inside of the sub through the hull and up above the surface. Now you have your air.

However, you find out that harmful water can potentially get into the sub through the air-pipe. So you decide to make a watertight room INSIDE the sub, to be able to isolate it from critical parts of the sub. But you need air to some of the critical parts, so you allow holes in the wall of the watertight room so air can get to other parts of the sub, but you try to make these so that only air gets through and stops water.

Then Adobe comes along and needs their air from the "watertight room", so they punch a square hole in the wall and run a round pipe through it, which they have permission to do since you "authorized" the installation.

So, since you have control of the important rooms in the sub, you have to either build a new little room around the leaking pipe Adobe installed, to make sure their poorly made pipe doesn't allow water where it shouldn't be.

- I'm probably totally wrong here... but oh well... it was fun.
post #18 of 26
Quote:
Originally Posted by AppleInsider View Post

Apple has detailed the security issues patched by Mac OS X 10.6.5 and the corresponding Security Update 2010-007 for Mac OS X 10.5, indicating that more than half of the security vulnerabilities in Mac OS X actually affect the Adobe Flash plugin and X11.

Of the 131 security vulnerabilities identified and patched by the latest Mac OS X update (cataloged by their public Common Vulnerabilities and Exposures or CVE ID), 16 are related to X11, an optional install which enables Mac OS X to run apps designed for the Unix X Window specification. Another five are related to features in Mac OS X Server that are missing in the desktop version.

Nine more affect Apple's own QuickTime, one is related to the Mac OS X kernel, one affected Safari, and another 45 were found in various other code, including some that is proprietary to Apple (such as its AFP file server, CoreGraphics and CoreText) and some that is incorporated by Apple from open source projects into its operating system (including the Apache web server, CUPS printing, OpenLDAP, Python, and PHP).

However, the most security vulnerabilities by far are associated with the Adobe Flash plugin, with a whopping 55 issues listed, the "most serious of which may lead to arbitrary code execution," Apple reports in its Apple Product Security update.

This leaves little reason for wondering why Apple has worked to shed all third party platform code from its mobile iOS, including Java and Flash (and of course, X11).



Security, battery issues unfortunate for Adobe

The security issues related to Flash are in fact the stated reason why Apple is backing away from bundling the plugin with its new computers. Apple began shipping the MacBook Air without Flash installed, noting that customers could install the plugin on their own to ensure they had the latest, most secure version.

However, testing indicates that in normal operation, Flash can also consume dramatic amounts of battery life just to animate web ads in the background, resulting in as much as two hours of lost productivity on a single charge.

After that fact was publicized, Adobe's CTO Kevin Lynch lashed out at Apple, saying in an interview, "I just think there's this negative campaigning going on, and, for whatever reason, Apple is really choosing to incite it, and condone it."

Lynch characterized Apple's exclusive support for HTML5 for displaying dynamic web content on iOS devices as "unfortunate" and "a blockade of certain types of expression," but also noted, "we support [standard based web development using] HTML. We're making tools for HTML5. It's a great opportunity for us."

I agree with this post. Flash does cause a problem and uses a lot of battery when viewing news shows, playing games, etc. It crashes quite a bit also, from my own experience I had with it recently. Jobs is right.
post #19 of 26
deleted
post #20 of 26
Quote:
Originally Posted by MacRulez View Post

True: by not showing multimedia content in web pages those pages take less horsepower to render.

Whether Flash takes more horsepower than HTML5 to deliver *equivalent content* has not been tested yet beyond these results, which were not especially flattering to HTML5:
http://forums.appleinsider.com/showp...6&postcount=44

Tip: You can enjoy even longer battery life by just turning the device off.

ha ha ha ha ha ha ha. Coffee spit out.
What I got... 15" i7 w/8 gigs ram,iPad2 64gig wifi, 2.0 mac mini, 2.0 17" imac, appleTv, Still running my old G4 466 upgraded to 1.2GHz maxed ram as a pro tools machine, and 2 iphones.
post #21 of 26
Quote:
Originally Posted by dazweeja View Post

Apple just included Adobe's latest version of Flash in their update. There were 55 vulnerabilities fixed since the last version of Flash that Apple had included in their updates. These were spread across many minor versions of Flash. This site is like the Fox News of tech reporting.

Well, I prefer this to the MSNBC/CNN version of new patch released, on to the next subject...
Just say no to MacMall.  They don't honor their promotions and won't respond to customer inquiries.  There are better retailers out there.
post #22 of 26
deleted
post #23 of 26
deleted
post #24 of 26
Quote:
Originally Posted by MacRulez View Post

When I first read your post I thought you were likely overstating the case. So I looked up the CVE-IDs to prove you wrong - only to find out you're telling it straight up, and it's AI who's doing the sit-n-spin:

http://support.apple.com/kb/HT4435

Good work. Thanks for opening my eyes. Seems this sort of thing isn't just limited to political reporting.

Actually, the issue is that since Flash is shipped with Mac OS, those vulnerabilities are counted as PART of Mac OS and those numbers are used against Windows/Linux for vulnerabilities stats.

So here, the article is about this: stats.
post #25 of 26
Quote:
Originally Posted by MacRulez View Post

Anyone else find it amusing that AI promotes Adobe Creative Suite in their front page?


Well, some of us *actually* use Adobe products for a living. In my case mostly Dreamweaver and hard-to-live-without, Photoshop. This year I made a Flash microsite for a client. Actually, it has everything that's wrong with Flash.
post #26 of 26
Quote:
Originally Posted by nvidia2008 View Post

... This year I made a Flash microsite for a client. Actually, it has everything that's wrong with Flash.

It's a poor craftsman that blames his tools.