
Software updates bring Flashback removal, Flash disabling to OS X Leopard

post #1 of 26
Thread Starter 
Apple on Monday released two software updates that bring recent OS X Lion security fixes regarding Java and Adobe Flash Player to Macs running previous generation operating system OS X 10.5 Leopard.

One month after rolling out a dedicated Flashback malware removal tool for OS X 10.7 Lion, Apple has released a "Leopard Flashback Removal Security Update" for the legacy OS.

The 1.23MB download will scan a Mac's hard drive for the Flashback trojan and, if found, will remove the malicious code that at one point affected over 600,000 Macs worldwide. The security update also disables the Java plug-in in Safari, though users can reactivate it by navigating to the Security tab in Safari > Preferences.

Mac OS X Leopard's second update disables versions of Adobe's Flash Player in Safari that do not have the most current security protocols. If detected, Leopard will display a dialog notifying users that the latest Flash Player is not running and will provide a link to the appropriate download. A similar fix was provided last week in a Safari update that followed the rollout of OS X Lion 10.7.4.

Leopard Security Update 2012-003 weighs in at 1.11MB and can be downloaded via Software Update or Apple's Support page.
post #2 of 26
Quote:
Originally Posted by AppleInsider View Post

Apple on Monday released two software updates that bring recent OS X Lion security fixes regarding Java and Adobe Flash Player to Macs running previous generation operating system OS X 10.5 Leopard.
One month after rolling out a dedicated Flashback malware removal tool for OS X 10.7 Lion, Apple has released a "Leopard Flashback Removal Security Update" for the legacy OS.
The 1.23MB download will scan a Mac's hard drive for the Flashback trojan and, if found, will remove the malicious code that at one point affected over 600,000 Macs worldwide. The security update also disables the Java plug-in in Safari, though users can reactivate it by navigating to the Security tab in Safari > Preferences.
Mac OS X Leopard's second update disables versions of Adobe's Flash Player in Safari that do not have the most current security protocols. If detected, Leopard will display a dialog notifying users that the latest Flash Player is not running and will provide a link to the appropriate download. A similar fix was provided last week in a Safari update that followed the rollout of OS X Lion 10.7.4.
Leopard Security Update 2012-003 weighs in at 1.11MB and can be downloaded via Software Update or Apple's Support page.

Love it. :)

 

I've been saying for years that people should just get real and toss Java and Flash out the window.  

Unless you work in a corporate environment there are few good reasons for a consumer to use Java at all.  

 

Disable both of those and you are safe as houses for the most part. 

post #3 of 26
Yay my mac mini can live again.
post #4 of 26

Cue all the bashers shrieking that Apple is TAKING AWAY OUR FREEDOM and IT'S A SLIPPERY SLOPE.

It's a good move. Flash is a horrendously coded and incredibly insecure piece of software, the sooner it's completely dead the better.

post #5 of 26
Quote:
Originally Posted by Gazoobee View Post

Love it. :)

I've been saying for years that people should just get real and toss Java and Flash out the window.  
Unless you work in a corporate environment there are few good reasons for a consumer to use Java at all.  

Disable both of those and you are safe as houses for the most part. 

Well until sites stop using Flash completely then what are you going to do. As I live in Switzerland the only way I can watch US TV is from sites that only use Flash, no I'm not going to use iTunes for free TV. It sucks but what are you going to do. If you want to see what a modern Flash site can do check out this -> http://www.audiotool.com/app . I'm not promoting Flash, if HTML5 is better then so be it but where are all the sites. I agree about Java though, most consumers don't need it unless you use OpenOffice, LibreOffice, NetBeans, Eclipse, Thinkfree, UltraMixer, Zend Studio, Oxygen, Grokker, SquirrelSQL, DANA, Elluminate, etc. or work in a corporate environment like you said. I like Java but I have been a programmer for a very long time, you're right however most consumers don't need it. Even though there are some pretty incredible programs available.
When I looked up "Ninjas" in Thesaurus.com, it said "Ninja's can't be found" Well played Ninjas, well played.
post #6 of 26
Quote:
Originally Posted by AppleInsider View Post

The 1.23MB download will scan a Mac's hard drive for the Flashback trojan and, if found, will remove the malicious code that at one point affected over 600,000 Macs worldwide.

You left out "allegedly reported as 600,000 Macs by a company which was trying to fool people into buying its product".

The 600,000 number was pretty thoroughly debunked.
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
post #7 of 26
Quote:
Well until sites stop using Flash completely then what are you going to do.

 

If your Macintosh will support it, you can upgrade to a later version of Mac OS X that is still receiving regular security updates (and that is supported by a current version of Adobe Flash or a patched release of the Java runtime). Mac OS X 10.7 seemingly does not include Java as part of a default installation. Though I think Intel-based Macintosh users on 10.5 can still get Flash Player 10.3 with current security patches, there is no corresponding PowerPC release of the Flash Player. (Yet another reason to utterly despise Adobe, although Flash Player was getting pretty draggy on PPC, at least up to a 1.25 GHz G4.)

 

In the event that you cannot move to a newer OS or Macintosh computer, you might be able to use something like HTML5 video with some sites.

 

The delivery of this update is rather unique in that Apple has traditionally supported only one version of Mac OS X behind the current release. I take this to mean that such a policy might be revised if the issue is serious enough, as Flashback may well be.

 

I haven't tried it yet, but I wonder if this 10.5 updater is available for PowerPC as well. That would really be amazing, considering how quickly Apple turned away from that platform.

post #8 of 26
Quote:
Originally Posted by jragosta View Post

You left out "allegedly reported as 600,000 Macs by a company which was trying to fool people into buying its product".
The 600,000 number was pretty thoroughly debunked.

Aaahhh, I'm getting so tired of this mightier than thou attitude that some of you forum members exhibit when it comes to negative news about Apple. Let me ask you a question, how long did it take for Apple to actually come out and say there was a problem and to release a fix, 2 months. I knew about Flashback when Oracle released their patch 2 months ago, where was Apple? Hey, don't get me wrong I believe a lot of the fault lies with the users downloading every crappy freeware they can get their hands on but I'm also not going to jump in front to catch a bullet for any company when they screw up. Why is it so hard to be critical of Apple when they blatantly dropped the ball on this. Yes Java has security issues but Apple was the one who had to have their own Java version because apparently using the company's version that invented the damn thing wasn't good enough, but hey they managed to patch theirs 2 months prior. So if you're going to have your own version, then support it, patch it when there is a problem. This wouldn't have been a problem when Oracle issued the warning and Apple would have jumped all over it patched it then or at least say we are also working on a patch, please be patient. No, instead it's like every other problem Apple has had in the past, wait till the villagers are at the draw bridge with pitch forks and torches before they move on it.

Yes, I'm with a lot of you, consumers don't need Java unless they're running a specific program that requires it. In that case, please always use the version from Oracle, it's a lot more stable and wouldn't you know it, better security.

Rant over, you may now commence calling me an Apple hater.........
post #9 of 26
Quote:
Originally Posted by UnexpectedBill View Post

If your Macintosh will support it, you can upgrade to a later version of Mac OS X that is still receiving regular security updates (and that is supported by a current version of Adobe Flash or a patched release of the Java runtime). Mac OS X 10.7 seemingly does not include Java as part of a default installation. Though I think Intel-based Macintosh users on 10.5 can still get Flash Player 10.3 with current security patches, there is no corresponding PowerPC release of the Flash Player. (Yet another reason to utterly despise Adobe, although Flash Player was getting pretty draggy on PPC, at least up to a 1.25 GHz G4.)

In the event that you cannot move to a newer OS or Macintosh computer, you might be able to use something like HTML5 video with some sites.

The delivery of this update is rather unique in that Apple has traditionally supported only one version of Mac OS X behind the current release. I take this to mean that such a policy might be revised if the issue is serious enough, as Flashback may well be.

I haven't tried it yet, but I wonder if this 10.5 updater is available for PowerPC as well. That would really be amazing, considering how quickly Apple turned away from that platform.

Hmm good question, I still have a functional Macbook 12" 1.5GHZ, I can try it out. Still love that thing, one of my favorite Apple notebooks next to the Powerbook 2400. My 2400 had a custom clear body I bought from a guy in Tokyo, I even found a clear blue keyboard to go with it. I sold it back in 2001 for 2,000 CHF, idiot. I needed the cash for the Titanium so what's a girl to do. Oh the Titanium, lovely machine flimsy joints. It's funny about Flash, Adobe said no more mobile versions but they update the damn thing every 2 weeks. Look at the build numbers for the normal desktop they match the mobile version, dead my butt. Wait, hold on, yep the Android version was last updated on May 4th, performance improvements, bug fixes and stability issues, yea this thing isn't going anywhere soon.
post #10 of 26

Would be nice if Apple provided a few more Safari updates as well for the 10.5.8 PPC stalwarts too!  ;)  

post #11 of 26
Quote:
Originally Posted by libertyforall View Post

Would be nice if Apple provided a few more Safari updates as well for the 10.5.8 PPC stalwarts too!  ;)

I've never been a big fan of Safari. I always found Firefox and Chrome to be better browsers. However for PowerPC then yes Safari would be the way to go. I know this is going to sound strange but have you given it much thought about installing Linux on your PowerPC machine. Arch Linux for instance runs extremely well or maybe even Debian. You should check it out, install Gnome 3 on it while you're at it and you should find it to be quite a nice experience. I still like the PowerPC cpu, I think if configured correctly with a well tuned OS you can still have one hell of a machine.
post #12 of 26
Quote:
Originally Posted by Slurpy View Post

Cue all the bashers shrieking that Apple is TAKING AWAY OUR FREEDOM and IT'S A SLIPPERY SLOPE.

It's a good move. Flash is a horrendously coded and incredibly insecure piece of software, the sooner it's completely dead the better.

I completely agree with you.

Until I visit a website with Flash content. Then I completely disagree with you.
post #13 of 26
Quote:
Originally Posted by Obama View Post

I completely agree with you.
Until I visit a website with Flash content. Then I completely disagree with you.

Hehe, well put sir, well put.
post #14 of 26
Quote:
Originally Posted by UnexpectedBill View Post

 

I haven't tried it yet, but I wonder if this 10.5 updater is available for PowerPC as well. That would really be amazing, considering how quickly Apple turned away from that platform.

Nope, no security update for Leopard on PPC as of this moment.

 

As G4 Macs do not support the latest version of Flash this does not surprise me.

Hey, this Kool-Aid is delicious, what do you put in it?!
post #15 of 26
Quote:
Originally Posted by andyapple View Post

Nope, no security update for Leopard on PPC as of this moment.

As G4 Macs do not support the latest version of Flash this does not surprise me.

I don't think there is a virus or malware that exists on PPC anymore so who really cares about a security update, I was more interested in perhaps getting a little more speed.
post #16 of 26
Quote:
Originally Posted by Relic View Post
…I was more interested in perhaps getting a little more speed.

 

Uninstall Flash, then.

Originally posted by Relic

...those little naked weirdos are going to get me investigated.
post #17 of 26
Quote:
Originally Posted by Tallest Skil View Post

Uninstall Flash, then.


Uuuuuuhhh nnnoooooooo.
post #18 of 26
Quote:
Originally Posted by Relic View Post
Uuuuuuhhh nnnoooooooo.

 

Then you can't complain about speed.

post #19 of 26
Quote:
Originally Posted by jragosta View Post

The 600,000 number was pretty thoroughly debunked.

By whom, I thought the number was slightly larger?

post #20 of 26
Quote:
Originally Posted by RoboTone View Post

By whom, I thought the number was slightly larger?

The number of infected computers reportedly dropped from 600,000 to 200,000 three days BEFORE Apple released a fix - and this drop occurred in one day. There was a command line fix earlier, but very few people would have used that - and it would have led to a gradual decline rather than a precipitous drop.

Furthermore, there were some serious questions about how they managed to track the 'infection' without having access to the servers. Unless they were monitoring all the Internet access of many thousands of computers, it would not have been possible.

Finally, look at the numbers. They reported infection numbers of 0.1% in a number of countries. That means that they would have had to monitor a minimum of 1,000 computers in each of those countries - which means that they would have had to be monitoring many tens of thousands of computers.

It was all discussed in detail when this story first came out.

Of course, there is also the morality issue. If they knew about 600,000 infected computers, why did they not notify the people?
Quote:
Originally Posted by Relic View Post

Aaahhh, I'm getting so tired of this mightier than thou attitude that some of you forum members exhibit when it comes to negative news about Apple. Let me ask you a question, how long did it take for Apple to actually come out and say there was a problem and to release a fix, 2 months. I knew about Flashback when Oracle released their patch 2 months ago, where was Apple?

So pointing out that the number is bogus is a 'mightier than thou attitude'?

They were criticized because the numbers are BS - not because they were critical of Apple.
post #21 of 26
Quote:
Originally Posted by Tallest Skil View Post

Uninstall Flash, then.

 

DoNE! :)

 

May I pay a small tribute though to Dave Hillman Curtis, who recently passed away at quite a young age. He is credited with revolutionising Flash in the early part of last decade. While some may be critical of him, his early Flash thoughts were developing rich sites and not abusing it with flashy ads. For example, he famously wrote that the "Loading" screen should never say "Loading", or something to that effect. That is, why should the user care that it is loading, surely some other things can be done while it is "loading" ~ hence preloaders that were more than just a progress bar. He explored various interactive media issues and commented on them in ways that still apply to all new media today, from apps through to the self check-in kiosk at the airport. RIP Dave, RIP Adobe Flash.

post #22 of 26
Quote:
Originally Posted by Tallest Skil View Post

Then you can't complain about speed.


I was just playing, I only watch flash stuff on my Samsung 7.7" as that's my designated media player. The speed is actually not bad, there was an update a month back that seemed to fix most of the lag I was getting for Android 4.04. My iMac seems to be unaffected because that blazes through Flash. I know Adobe said, "No more updates for mobile flash" but they've sure been kicking them out lately, almost twice a month and the versions are getting more stable and faster. I think they realized how many sites are actually still using it or they lied, I'm going for the latter. The latest update was on May 4th.
post #23 of 26
Quote:
Originally Posted by UnexpectedBill View Post

 

If your Macintosh will support it, you can upgrade to a later version of Mac OS X that is still receiving regular security updates (and that is supported by a current version of Adobe Flash or a patched release of the Java runtime). Mac OS X 10.7 seemingly does not include Java as part of a default installation. Though I think Intel-based Macintosh users on 10.5 can still get Flash Player 10.3 with current security patches, there is no corresponding PowerPC release of the Flash Player. (Yet another reason to utterly despise Adobe, although Flash Player was getting pretty draggy on PPC, at least up to a 1.25 GHz G4.)

 

In the event that you cannot move to a newer OS or Macintosh computer, you might be able to use something like HTML5 video with some sites.

 

The delivery of this update is rather unique in that Apple has traditionally supported only one version of Mac OS X behind the current release. I take this to mean that such a policy might be revised if the issue is serious enough, as Flashback may well be.

 

I haven't tried it yet, but I wonder if this 10.5 updater is available for PowerPC as well. That would really be amazing, considering how quickly Apple turned away from that platform.


The Flashback trojan, as it existed in the wild, required an Intel-based Mac in order to perform any malicious action.  The attack vector was through Java, but the actual payload was a native executable.  And that executable was not Universal; it was Intel-only.

 

So, at the moment, even if a PowerPC-based Mac did come into contact with a website attempting to install the Flashback attack, no immediate harm would come to your system.  Hence, there's no pressing need for Apple to go out of its way to engineer a PowerPC version of the clean-up tool.

 

As for the Flash update notification utility -- there is no newer version of Flash for a PowerPC-based customer to upgrade to.  So the smarter thing for anybody to do is to simply uninstall the Flash plugin entirely.

 

Web browsers:

Currently, there are known vulnerabilities in the final version of PowerPC Safari which have not received a fix, so as far as I'm concerned, continuing to use Safari on Leopard is totally out of the question.  I would suggest that anybody still using either Leopard or a PowerPC-based Mac should jump over to the Firefox bandwagon.  Ok, not Firefox specifically, because they also dropped official support for PowerPC.  But their source code is still almost entirely compatible with PowerPC, and an independent branch called TenFourFox (a reference to the fact that it runs on OS X 10.4) has opened up to fill in the gaps.  The current version, TenFourFox 10.0.4, is security- and (almost) functionally-identical to the current ESR release of Firefox.


Edited by lfmorrison - 5/15/12 at 9:55am
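
The point made in post #23 above, that an Intel-only native payload cannot execute on a PowerPC Mac, can be checked for any binary by reading the architectures out of its Mach-O header. The following is an added example, not part of the thread: the function names are hypothetical, the magic and CPU-type constants are those of Apple's Mach-O headers, and the sample byte strings are constructed headers, not the Flashback payload.

```python
import struct

# Magic numbers and CPU types as defined in Apple's <mach-o/fat.h>,
# <mach-o/loader.h> and <mach/machine.h>.
FAT_MAGIC = 0xCAFEBABE  # universal binary; a Java .class file starts with the same bytes
THIN_MAGICS = {
    b"\xfe\xed\xfa\xce": ">",  # 32-bit, big-endian (PowerPC)
    b"\xce\xfa\xed\xfe": "<",  # 32-bit, little-endian (Intel)
    b"\xfe\xed\xfa\xcf": ">",  # 64-bit, big-endian
    b"\xcf\xfa\xed\xfe": "<",  # 64-bit, little-endian
}
CPU_NAMES = {7: "i386", 0x01000007: "x86_64", 18: "ppc", 0x01000012: "ppc64"}


def thin_arch(data, offset=0):
    """Architecture of the thin Mach-O image at `offset`, or None if there is none."""
    endian = THIN_MAGICS.get(data[offset:offset + 4])
    if endian is None or len(data) < offset + 8:
        return None
    (cputype,) = struct.unpack_from(endian + "I", data, offset + 4)
    return CPU_NAMES.get(cputype, "cpu_0x%x" % cputype)


def macho_archs(data):
    """List the architectures a file carries; [] if it is not Mach-O."""
    if len(data) >= 8 and struct.unpack_from(">I", data)[0] == FAT_MAGIC:
        (count,) = struct.unpack_from(">I", data, 4)
        archs = []
        for i in range(count):
            entry = 8 + 20 * i  # fat_header is 8 bytes, each fat_arch is 20
            if entry + 20 > len(data):
                return []
            _cpu, _sub, off, size, _align = struct.unpack_from(">5I", data, entry)
            arch = thin_arch(data, off) if off + size <= len(data) else None
            if arch is None:
                return []  # e.g. a Java class: same magic, but no Mach-O slices
            archs.append(arch)
        return archs
    arch = thin_arch(data)
    return [arch] if arch else []


def can_run_on_powerpc(data):
    """True only if at least one slice targets a PowerPC CPU."""
    return any(a.startswith("ppc") for a in macho_archs(data))


# --- Constructed sample headers (header bytes only, no code sections) ---
def _thin(endian, cputype):
    # mach_header: magic, cputype, cpusubtype, filetype (2 = MH_EXECUTE),
    # ncmds, sizeofcmds, flags
    return struct.pack(endian + "7I", 0xFEEDFACE, cputype, 0, 2, 0, 0, 0)


def _universal(slices):
    table, body = b"", b""
    start = 8 + 20 * len(slices)
    for cputype, blob in slices:
        table += struct.pack(">5I", cputype, 0, start + len(body), len(blob), 0)
        body += blob
    return struct.pack(">II", FAT_MAGIC, len(slices)) + table + body


INTEL_ONLY = _thin("<", 7)
UNIVERSAL = _universal([(18, _thin(">", 18)), (7, _thin("<", 7))])
JAVA_CLASS = b"\xca\xfe\xba\xbe\x00\x00\x00\x32" + b"\x00" * 32  # class-file version 50.0

if __name__ == "__main__":
    for name, blob in [("intel-only", INTEL_ONLY), ("universal", UNIVERSAL),
                       ("java class", JAVA_CLASS)]:
        print(name, macho_archs(blob), "runs on PowerPC:", can_run_on_powerpc(blob))
```

The Java class case matters for triage of a Java-delivered threat: the dropper and the native payload can share the same first four bytes, so the slice table has to be validated before a file is treated as a universal binary.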
post #24 of 26
Apple should just bite the bullet now and have a "Patch Tuesday" each month with their own "Malicious Software Removal Tool" just like Microsoft. As more and more people use Macs, the development of viruses on that platform will only increase.
post #25 of 26
Quote:
Originally Posted by vandil View Post
Apple should just bite the bullet now and have a "Patch Tuesday" each month with their own "Malicious Software Removal Tool" just like Microsoft. 

 

But it's not needed at all.

 

Quote:
As more and more people use Macs, the development of viruses on that platform will only increase.

 

Please stop this FUD. People have been saying this for twenty years. It isn't happening. Give it up.

post #26 of 26
Quote:
Originally Posted by jragosta View Post


The number of infected computers reportedly dropped from 600,000 to 200,000 three days BEFORE Apple released a fix - and this drop occurred in one day. There was a command line fix earlier, but very few people would have used that - and it would have led to a gradual decline rather than a precipitous drop.
Furthermore, there were some serious questions about how they managed to track the 'infection' without having access to the servers. Unless they were monitoring all the Internet access of many thousands of computers, it would not have been possible.
Finally, look at the numbers. They reported infection numbers of 0.1% in a number of countries. That means that they would have had to monitor a minimum of 1,000 computers in each of those countries - which means that they would have had to be monitoring many tens of thousands of computers.
It was all discussed in detail when this story first came out.
Of course, there is also the morality issue. If they knew about 600,000 infected computers, why did they not notify the people?
So pointing out that the number is bogus is a 'mightier than thou attitude'?
They were criticized because the numbers are BS - not because they were critical of Apple.

Do you have any links to support this? All you have provided is hearsay - even Gruber accepts the figures in question http://daringfireball.net/2012/04/flashback_eword and he would be the first to debunk them.
