or Connect
AppleInsider › Forums › Software › Mac OS X › Apple blocks older versions of Adobe Flash Player in web plug-in update
New Posts  All Forums:Forum Nav:

Apple blocks older versions of Adobe Flash Player in web plug-in update

post #1 of 50
Thread Starter 
In a support document published on Friday, Apple confirmed that it has blocked older versions of Flash to protect Safari users from recently discovered vulnerabilities in the web content player.

Flash


While Adobe has already fixed the flaws being exploited, Apple instituted the plug-in-blocking feature in its Safari web browser to safeguard users who may not have downloaded the latest patches. The change affects Macs running OS X Mountain Lion, Lion, and Snow Leopard.

From Apple's support document:

To help protect users from a recent vulnerability, Apple has updated the web plug-in-blocking mechanism to disable older versions of the web plug-in: Adobe Flash Player.


Users who have not yet downloaded the most recent version of Flash, designated as version 11.6.602.171, will see a "Blocked Plug-in" alert in Safari. Selecting the prompt will bring up a pop-up window containing a link to download and install the most up-to-date version of Adobe's software.

Adobe on Tuesday acknowledged the existence of three separate vulnerabilities being exploited in the wild, including one targeting the Firefox browser, and recommended users update to the latest Flash version.

With Flash being a popular form of content delivery on the web, nefarious programmers are constantly developing malicious software to take advantage of the player's many flaws. Most recently, Apple blocked Flash in early February to protect against a similar exploit.
post #2 of 50

They've been doing this for a few versions now, I think.

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply
post #3 of 50
Remember when people complained about the lack of Flash on iPhone. I can't say I'm worried about missing out on all of those viruses.
post #4 of 50

It should be the user's choice. For example when I am far away from fast Internet and only have 3G, I suddenly discover that the latest Safari which I updated before leaving on my mapping excursion has blocked Flash, effectively preventing me from updating my Open Street Maps project which runs in Flash.

 

Edit: Of course now I know and I could always use Chrome but still...


Edited by mstone - 3/1/13 at 2:02pm

Life is too short to drink bad coffee.

Reply

Life is too short to drink bad coffee.

Reply
post #5 of 50
Java, Flash, Java, Flash...

What a merry jig to dance to!
post #6 of 50
I'm glad Apple has taken an aggressive approach in disabling vulnerable plugins (first Java, now Flash).

Me, I've uninstalled Flash altogether and haven't looked back. If there's flash content I need to view, I'll fire up Chrome, which has Flash embedded. Then when I'm done viewing, I switch back to Safari. I will not have my machine infected due to some crappy plugin! BTW, most newer YouTube videos work in Safari HTML5 just fine.
post #7 of 50
Quote:
Originally Posted by mstone View Post

It should be the user's choice. 

 

I disagree.

 

With all of these potential security holes and attacks that we're reading about, they should be plugged immediately. If somebody needs to use Javascript or Java, then they should be on the very newest version, otherwise too bad for them.

 

It's good that Apple is staying on top of things and fixing things quickly.

 

If something bad were to happen to somebody using one of the older versions, then I bet that they would blame it on Apple.

post #8 of 50
Steve may not have been a coder, but he knew a crappy implementation when he saw it.
post #9 of 50
Quote:
Originally Posted by mstone View Post

It should be the user's choice. For example when I am far away from fast Internet and only have 3G, I suddenly discover that the latest Safari which I updated before leaving on my mapping excursion has blocked Flash, effectively preventing me from updating my Open Street Maps project which runs in Flash.

 

Giving how press media drool over any security issue could affected the MacOS, I understand well why Apple implemented this feature by default.  Any user knowledgeable enough knows how google a way to disable Xprotect

 

As far i'm concern, flash won't die soon enough.

post #10 of 50
Quote:
Originally Posted by mstone View Post

It should be the user's choice. For example when I am far away from fast Internet and only have 3G, I suddenly discover that the latest Safari which I updated before leaving on my mapping excursion has blocked Flash, effectively preventing me from updating my Open Street Maps project which runs in Flash.

 

Edit: Of course now I know and I could always use Chrome but still...

 

 

Yeah, the problem with "user choice" is that most users choose not to update.  I oversee a lot of Mac and Windows users, and I see this happen all. the. time. 

 

 

Particularly with Java on Windows, where it prompts the user to update seemingly every week.  When I ask, they say they've just learned to ignore it because it pops up all the time.  My solution is to uninstall it.  I tell them, "There, problem solved.  You don't need it."

 

For the sake of the Internet at large, I'm thankful that many of these front-line programs (like browsers) and plugins (Flash) are starting to in invisible updates.

post #11 of 50
yes, because safari has never had a security hole
Groupthink is bad, mkay. Think Different is the motto.
Reply
Groupthink is bad, mkay. Think Different is the motto.
Reply
post #12 of 50
Quote:
Originally Posted by Apple ][ View Post

Quote:
Originally Posted by mstone View Post

It should be the user's choice. 

 

I disagree.

 

With all of these potential security holes and attacks that we're reading about, they should be plugged immediately. If somebody needs to use Javascript or Java, then they should be on the very newest version, otherwise too bad for them.

 

It's good that Apple is staying on top of things and fixing things quickly.

 

If something bad were to happen to somebody using one of the older versions, then I bet that they would blame it on Apple.

I am not sure how the blocking is initiated. If while updating Safari the installer alerts you that your old Flash has been disabled, I would be fine with that. I just don't want to be surprised at an inopportune time. If Apple was really trying to protect the user, they should block old Flash in all other browsers as well to completely mitigate the risk. If they are going to do this, it should be system wide and handled by OS X not Safari. That way people would know to update Flash while they are on fast networks not in the field.

Life is too short to drink bad coffee.

Reply

Life is too short to drink bad coffee.

Reply
post #13 of 50

I'm getting REALLY f***ing sick of updating Flash and Java every two days. There should be a class action lawsuit against Adobe and Oracle for making us keep the two most poorly written programs ever written on our computers.

post #14 of 50
Quote:
Originally Posted by Apple ][ View Post

 

I disagree.

 

With all of these potential security holes and attacks that we're reading about, they should be plugged immediately. If somebody needs to use Javascript or Java, then they should be on the very newest version, otherwise too bad for them.

 

It's good that Apple is staying on top of things and fixing things quickly.

 

If something bad were to happen to somebody using one of the older versions, then I bet that they would blame it on Apple.

 

While it may be good for the end user, from a person who runs Macs in an educational IT environment its a very large pain in the ass. It seems like every other god damn day I have to push out either a Java update or a Flash update. And, I can't just disable Flash and Java altogether as both required for many different educational programs and websites. 

 

Apple's getting the blame anyways because Flash never works because they keep disabling it. Not every users knows how to go out and update Flash player all the time. Its getting to the point where people don't want to use the Macs because they never work in their eyes. 

 

Therefore, let me decide on whether or not I want to disable flash. Its my network so let ME decide!

Mac Mini (Mid 2011) 2.5 GHz Core i5

120 GB SSD/500 GB HD/8 GB RAM

AMD Radeon HD 6630M 256 MB

Reply

Mac Mini (Mid 2011) 2.5 GHz Core i5

120 GB SSD/500 GB HD/8 GB RAM

AMD Radeon HD 6630M 256 MB

Reply
post #15 of 50
Quote:
Originally Posted by mstone View Post

It should be the user's choice.

 

Then nothing would get updated. We're talking about the typical unaware user here. And when that unaware, clueless user gets nailed with malware that wipes their bank account out, who will they blame? Not themselves, of course, and not Adobe either. They will blame Apple. They always blame Apple. The tech media always blames Apple too...for everything. Force these users to update, no choice, no options.

post #16 of 50
Quote:
Originally Posted by bdkennedy1 View Post

I'm getting REALLY f***ing sick of updating Flash and Java every two days. There should be a class action lawsuit against Adobe and Oracle for making us keep the two most poorly written programs ever written on our computers.

I don't think they are poorly written just that they are extremely complex and have a lot of power to interact with the file system and the network. There was a time when even Javascript was a major security risk also, and there is always the potential that it could again be exploited. You know what they say about computers security. The only safe computer is one that is unplugged and turned off.

Life is too short to drink bad coffee.

Reply

Life is too short to drink bad coffee.

Reply
post #17 of 50

I swear every single day there's at least one headline about either  big flash or adobe reader vulnerability. Unreal. And people crucified Apple on their decision to try and get rid of flash on mobile devices? 

post #18 of 50
Quote:
Originally Posted by macxpress View Post

Not every users knows how to go out and update Flash player all the time. 

And many of the users don't have permission to update software. Only administrators are allowed to update applications in typical educational and most corporate environments which could cause havoc if all the users needed the IT admin at the exact same time.

Life is too short to drink bad coffee.

Reply

Life is too short to drink bad coffee.

Reply
post #19 of 50
Quote:
Originally Posted by macxpress View Post

 

While it may be good for the end user, from a person who runs Macs in an educational IT environment its a very large pain in the ass. It seems like every other god damn day I have to push out either a Java update or a Flash update. And, I can't just disable Flash and Java altogether as both required for many different educational programs and websites. 

 

Apple's getting the blame anyways because Flash never works because they keep disabling it. Not every users knows how to go out and update Flash player all the time. Its getting to the point where people don't want to use the Macs because they never work in their eyes. 

 

Therefore, let me decide on whether or not I want to disable flash. Its my network so let ME decide!

 

 

So you're saying that you would rather have X number of machines on your network with known vulnerabilities than have to deal with a user that whines that Flash is broken.  Ooookay.  I'm glad you work at an educational institution and not a bank or company that handles personal client info.  For us, a known vulnerability on our network simply isn't tolerable.

post #20 of 50
Quote:
Originally Posted by Apple ][ View Post

 

I disagree.

 

With all of these potential security holes and attacks that we're reading about, they should be plugged immediately. If somebody needs to use Javascript or Java, then they should be on the very newest version, otherwise too bad for them.

 

It's good that Apple is staying on top of things and fixing things quickly.

 

If something bad were to happen to somebody using one of the older versions, then I bet that they would blame it on Apple.

 

Can you explain how I can choose to only use "the very newest version" of JavaScript in Safari?

post #21 of 50

Well I guess I found out how it works. I just went to AI home page and Safari popped up the warning. I appreciate the notice but I can see how disabling the plug in automatically can be very inconvenient under certain circumstances. I use Safari as my default browser but given that they can disable my Flash whenever they feel like it, I probably should switch to Chrome.

Life is too short to drink bad coffee.

Reply

Life is too short to drink bad coffee.

Reply
post #22 of 50
Originally Posted by bdkennedy1 View Post
…making us keep…

 

Ah, see, there's the problem with that. You don't.

 

Delete Flash. Delete Java. Live free.

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply
post #23 of 50

Here's what's STUPID.  I've had this version for a while now and i went to a site that had this warning message and I'm trying to figure out why it came up when I already have it.  I forget exactly what date I installed it, but it's been on my iMac for at least a week.

post #24 of 50
Quote:
Originally Posted by Tallest Skil View Post

 

Ah, see, there's the problem with that. You don't.

 

Delete Flash. Delete Java. Live free.

 

 

I wish I could delete the two of them, but there are still a bunch of lazy web developers still using that crap and there are sites that I frequent (no, they aren't porn), that require Flash or Java.

 

Can't we all just get along? LOL..

post #25 of 50
Originally Posted by drblank View Post
I wish I could delete the two of them, but there are still a bunch of lazy web developers still using that crap and there are sites that I frequent (no, they aren't porn), that require Flash or Java.

 

Then don't frequent those sites. They'll get the picture when they have to pay hundreds out of pocket for hosting costs.

 

Vote with your browser ("wallet"). Teach them that '90s-level tech isn't acceptable anymore.

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply
post #26 of 50

Why would anyone still be using Safari on their computers is beyond comprehension 

post #27 of 50
Originally Posted by agramonte View Post
Why would anyone still be using Safari on their computers is beyond comprehension 


Why we're not allowed to delete absolute stupidity like this is beyond comprehension. 


You have ZERO explanation or excuse for saying this. NOTHING you claim could ever possibly be a valid reason.

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply
post #28 of 50
Quote:
Originally Posted by neiltc13 View Post

 

Can you explain how I can choose to only use "the very newest version" of JavaScript in Safari?

My mistake, I was thinking about Flash And Java.

post #29 of 50
Quote:
Originally Posted by agramonte View Post

Why would anyone still be using Safari on their computers is beyond comprehension 

What a dumb comment.

 

I have all of the other browsers installed, but yet, I choose to use Safari, because that's what I prefer.

post #30 of 50
Quote:
Originally Posted by Tallest Skil View Post

 

Ah, see, there's the problem with that. You don't.

 

Delete Flash. Delete Java. Live free.


It is ironic that Disney, which Steve Jobs was a major shareholder, does a bunch of stuff in Flash. So, not deleting Flash for a while.

post #31 of 50
Quote:
Originally Posted by mstone View Post

The only safe computer is one that is unplugged and turned off.

 

post #32 of 50
Quote:
Originally Posted by pt123 View Post


It is ironic that Disney, which Steve Jobs was a major shareholder, does a bunch of stuff in Flash. So, not deleting Flash for a while.

Yes, it's funny that Jobs was blind to some things and so easily went ballistic over others.

Another example is keeping Intuit's Campbell on the board in spite of decades of crappy software - where they were intentionally making lousy Mac versions in order to switch people over to Windows.
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
Reply
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
Reply
post #33 of 50
Quote:
Originally Posted by drblank View Post

I wish I could delete the two of them, but there are still a bunch of lazy web developers still using that crap and there are sites that I frequent, that require Flash or Java.

 

I'm sure there are some lazy developers but there are also some really advanced developers that are unable to do what they need to do without Flash.

 

I have given examples in the past but here is another one which I mentioned earlier in this thread but I want to elaborate on it.

 

Open Street Maps editors need Flash because there is no practical way except using Flash to drag vector images on to a map and have it update the data base. It also has a lot of features such as drawing tools on top of satellite imagery. Google maps has similar technology running in Javascript but the drawing part has to be done programmatically where as with Flash you can just draw vectors right on the map. You would think that an organization like Open Street Maps would use open source tools if it were possible to do what they need to do using them. But they don't because those tools don't exist. They have to use Flash to accomplish what they need to accomplish.

Life is too short to drink bad coffee.

Reply

Life is too short to drink bad coffee.

Reply
post #34 of 50
Quote:
Originally Posted by mstone View Post

It should be the user's choice. For example when I am far away from fast Internet and only have 3G, I suddenly discover that the latest Safari which I updated before leaving on my mapping excursion has blocked Flash, effectively preventing me from updating my Open Street Maps project which runs in Flash.

 

Edit: Of course now I know and I could always use Chrome but still...

It is the user's choice, you can turn off the auto removal in all 3 versions of OS X, just like you have the choice not to restrict apps to App Store or signed.  Even a very tech saavy person could fall victim to one of these exploits, I'm personally glad Apple is being so proactive no matter how much it might inconvenience me.  I don't blame Apple when my Java or Flash won't work.  I blame Adobe & Oracle, that is after all the logical place for the blame to fall.

post #35 of 50
Quote:
Originally Posted by macxpress View Post

Therefore, let me decide on whether or not I want to disable flash. Its my network so let ME decide!

 

Quote:
Originally Posted by mstone View Post

It should be the user's choice.

 

Simple.

 

Run Firefox or Chrome on your Mac.  (Though Firefox has been blocking older versions of Flash as well.)

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

  MA497LL/A FB463LL/A MC572LL/A FC060LL/A MD481LL/A MD388LL/A ME344LL/A

Reply

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

  MA497LL/A FB463LL/A MC572LL/A FC060LL/A MD481LL/A MD388LL/A ME344LL/A

Reply
post #36 of 50
Quote:
Originally Posted by _Rick_V_ View Post

 

 

So you're saying that you would rather have X number of machines on your network with known vulnerabilities than have to deal with a user that whines that Flash is broken.  Ooookay.  I'm glad you work at an educational institution and not a bank or company that handles personal client info.  For us, a known vulnerability on our network simply isn't tolerable.

 

You obviously have no idea what its like to work in an IT environment. Its not as simple as just upgrade the Macs all the time. Its a huge pain in the ass to do this. This isn't a consumer situation where sensitive tax data or whatever is stored on the Mac's HD.  There isn't any sensitive data on a workstation and any environment where there would be wouldn't have flash installed anyways, possibly Java as well. There's really no reason for a server to have flash installed which is where the real threat is. 

 

We have programs people depend on everyday for learning assessments and things like that. These are programs that HAVE to be up and running as both students and teachers are assessed based off these programs. To have to spend my day upgrading Macs is something I'd rather not be doing all the time. If the Mac doesn't work, then it gives the perception that this lab never works or is unreliable so it never gets used, thus wasting $40,000 worth of Macs which will never get upgraded because its never used. 

Mac Mini (Mid 2011) 2.5 GHz Core i5

120 GB SSD/500 GB HD/8 GB RAM

AMD Radeon HD 6630M 256 MB

Reply

Mac Mini (Mid 2011) 2.5 GHz Core i5

120 GB SSD/500 GB HD/8 GB RAM

AMD Radeon HD 6630M 256 MB

Reply
post #37 of 50
Quote:
Originally Posted by mstone View Post

I'm sure there are some lazy developers but there are also some really advanced developers that are unable to do what they need to do without Flash.

 

I have given examples in the past but here is another one which I mentioned earlier in this thread but I want to elaborate on it.

 

Open Street Maps editors need Flash because there is no practical way except using Flash to drag vector images on to a map and have it update the data base. It also has a lot of features such as drawing tools on top of satellite imagery. Google maps has similar technology running in Javascript but the drawing part has to be done programmatically where as with Flash you can just draw vectors right on the map. You would think that an organization like Open Street Maps would use open source tools if it were possible to do what they need to do using them. But they don't because those tools don't exist. They have to use Flash to accomplish what they need to accomplish.

 

They use Flash for the same reason anyone else does: It's an easy way to deliver eye candy for people with no programming skills, vulnerabilities be damned.

 

Quote:
Originally Posted by mstone View Post

You would think that an organization like Open Street Maps would use open source tools if it were possible to do what they need to do using them. But they don't because those tools don't exist. They have to use Flash to accomplish what they need to accomplish.

 

The open source crowd tend to give themselves a fair bit of latitude when it comes to those (ahem) "exceptions".  They take a stand on H.264 support but give MP3s and Adobe Flash a pass?

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

  MA497LL/A FB463LL/A MC572LL/A FC060LL/A MD481LL/A MD388LL/A ME344LL/A

Reply

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

  MA497LL/A FB463LL/A MC572LL/A FC060LL/A MD481LL/A MD388LL/A ME344LL/A

Reply
post #38 of 50
Quote:
Originally Posted by drblank View Post


I wish I could delete the two of them, but there are still a bunch of lazy web developers still using that crap and there are sites that I frequent (no, they aren't porn), that require Flash or Java.

Can't we all just get along? LOL..

Sadly the BBC news web site is a an example of what you say, it is astounding how some major sites are still not embracing HTML5.
Been using Apple since Apple ][ - Long on AAPL so biased
nMac Pro 6 Core, MacBookPro i7, MacBookPro i5, iPhones 5 and 5s, iPad Air, 2013 Mac mini, SE30, IIFx, Towers; G4 & G3.
Reply
Been using Apple since Apple ][ - Long on AAPL so biased
nMac Pro 6 Core, MacBookPro i7, MacBookPro i5, iPhones 5 and 5s, iPad Air, 2013 Mac mini, SE30, IIFx, Towers; G4 & G3.
Reply
post #39 of 50
Quote:
Originally Posted by John.B View Post

They use Flash for the same reason anyone else does: It's an easy way to deliver eye candy for people with no programming skills, vulnerabilities be damned.


The open source crowd tend to give themselves a fair bit of latitude when it comes to those (ahem) "exceptions".  They take a stand on H.264 support but give MP3s and Adobe Flash a pass?

There are some designer oriented applications to create eye candy in HTML5 now such as Hype. Hopefully they will get better and more powerful soon.
Been using Apple since Apple ][ - Long on AAPL so biased
nMac Pro 6 Core, MacBookPro i7, MacBookPro i5, iPhones 5 and 5s, iPad Air, 2013 Mac mini, SE30, IIFx, Towers; G4 & G3.
Reply
Been using Apple since Apple ][ - Long on AAPL so biased
nMac Pro 6 Core, MacBookPro i7, MacBookPro i5, iPhones 5 and 5s, iPad Air, 2013 Mac mini, SE30, IIFx, Towers; G4 & G3.
Reply
post #40 of 50
Quote:
Originally Posted by macxpress View Post

You obviously have no idea what its like to work in an IT environment. Its not as simple as just upgrade the Macs all the time. Its a huge pain in the ass to do this. This isn't a consumer situation where sensitive tax data or whatever is stored on the Mac's HD.  There isn't any sensitive data on a workstation and any environment where there would be wouldn't have flash installed anyways, possibly Java as well. There's really no reason for a server to have flash installed which is where the real threat is. 

We have programs people depend on everyday for learning assessments and things like that. These are programs that HAVE to be up and running as both students and teachers are assessed based off these programs. To have to spend my day upgrading Macs is something I'd rather not be doing all the time. If the Mac doesn't work, then it gives the perception that this lab never works or is unreliable so it never gets used, thus wasting $40,000 worth of Macs which will never get upgraded because its never used. 

Out of curiosity ...do you / can you... use OS X Server or Apple Desktop Remote to push upgrades out to all Macs on the network from a single Mac?
Been using Apple since Apple ][ - Long on AAPL so biased
nMac Pro 6 Core, MacBookPro i7, MacBookPro i5, iPhones 5 and 5s, iPad Air, 2013 Mac mini, SE30, IIFx, Towers; G4 & G3.
Reply
Been using Apple since Apple ][ - Long on AAPL so biased
nMac Pro 6 Core, MacBookPro i7, MacBookPro i5, iPhones 5 and 5s, iPad Air, 2013 Mac mini, SE30, IIFx, Towers; G4 & G3.
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Mac OS X
AppleInsider › Forums › Software › Mac OS X › Apple blocks older versions of Adobe Flash Player in web plug-in update