Adobe Flash contributes largest number of security patches in Apple's Mac OS X 10.5.6

Posted:
in Mac Software edited January 2014
Apple has detailed the security issues patched by Mac OS X 10.6.5 and the corresponding Security Update 2010-007 for Mac OS X 10.5, indicating that more than half of the security vulnerabilities in Mac OS X actually affect the Adobe Flash plugin and X11.



Of the 131 security vulnerabilities identified and patched by the latest Mac OS X update (cataloged by their public Common Vulnerabilities and Exposures or CVE ID), 16 are related to X11, an optional install which enables Mac OS X to run apps designed for the Unix X Window specification. Another five are related to features in Mac OS X Server that are missing in the desktop version.



Nine more affect Apple's own QuickTime, one is related to the Mac OS X kernel, one affected Safari, and another 45 were found in various other code, including some that is proprietary to Apple (such as its AFP file server, CoreGraphics and CoreText) and some that is incorporated by Apple from open source projects into its operating system (including the Apache web server, CUPS printing, OpenLDAP, Python, and PHP).



However, the most security vulnerabilities by far are associated with the Adobe Flash plugin, with a whopping 55 issues listed, the "most serious of which may lead to arbitrary code execution," Apple reports in its Apple Product Security update.



This leaves little reason for wondering why Apple has worked to shed all third party platform code from its mobile iOS, including Java and Flash (and of course, X11).







Security, battery issues unfortunate for Adobe



The security issues related to Flash are in fact the stated reason why Apple is backing away from bundling the plugin with its new computers. Apple began shipping the MacBook Air without Flash installed, noting that customers could install the plugin on their own to ensure they had the latest, most secure version.



However, testing indicates that in normal operation, Flash can also consume dramatic amounts of battery life just to animate web ads in the background, resulting in as much as two hours of lost productivity on a single charge.



After that fact was publicized, Adobe's CTO Kevin Lynch lashed out at Apple, saying in an interview, "I just think there's this negative campaigning going on, and, for whatever reason, Apple is really choosing to incite it, and condone it."



Lynch characterized Apple's exclusive support for HTML5 for displaying dynamic web content on iOS devices as "unfortunate" and "a blockade of certain types of expression," but also noted, "we support [standard based web development using] HTML. We're making tools for HTML5. It's a great opportunity for us."

«1

Comments

  • Reply 1 of 25
    jmmxjmmx Posts: 341member
    The proof of the pudding is in the eating.



    The proof of the bugging is in the patching.
  • Reply 2 of 25
    I think I see AppleInsider's game. I'm not biting this bait
  • Reply 3 of 25
    bongobongo Posts: 158member
    Quote:
    Originally Posted by Suddenly Newton View Post


    I think I see AppleInsider's game. I'm not biting this bait



    Funnily enough, thats exactly what I was thinking about. By tomorrow morning, hundreds would have been baited. Let the comments begin. I am expecting a torrent of "... sucks" (Android, WP7, RIM, food, water, anything not made by apple).
  • Reply 4 of 25
    mstonemstone Posts: 11,510member
    How exactly does Apple patch flaws in Flash? Do they just find vulnerabilities that Flash has exposed in their own OS and fix them? Or is that supposed to be Adobe's job?
  • Reply 5 of 25
    From everything I've read I'm with Apple on this. I find flash sites slow and clunky...just look at Nike's site! Uggh!



    I think adobe is backing the wrong horse!



    Best
  • Reply 6 of 25
    Quote:
    Originally Posted by bongo View Post


    Funnily enough, thats exactly what I was thinking about. By tomorrow morning, hundreds would have been baited. Let the comments begin. I am expecting a torrent of "... sucks" (Android, WP7, RIM, food, water, anything not made by apple).



    Well, it is Appleinsider, no? But is there any rational person out there that doesn't think that the iPod, iPhone and iPad are not serious game changers? Not to mention OSX, iMacs, MBP's and MBA's. Adobe just has not kept up. Complacency in business, especially Tech, is something very difficult to overcome... Just ask gateway, palm and compaq.



    Really, u only have two choices, "lash out" or roll up your sleeves and do what u should have done 3 years ago. I have no sympathy for Adobe.



    Best
  • Reply 7 of 25
    Quote:
    Originally Posted by mstone View Post


    How exactly does Apple patch flaws in Flash? Do they just find vulnerabilities that Flash has exposed in their own OS and fix them? Or is that supposed to be Adobe's job?



    Apple just included Adobe's latest version of Flash in their update. There were 55 vulnerabilities fixed since the last version of Flash that Apple had included in their updates. These were spread across many minor versions of Flash. This site is like the Fox News of tech reporting.
  • Reply 8 of 25
    iq78iq78 Posts: 256member
    Quote:
    Originally Posted by mstone View Post


    How exactly does Apple patch flaws in Flash? Do they just find vulnerabilities that Flash has exposed in their own OS and fix them? Or is that supposed to be Adobe's job?



    Well, think of it this way.



    You have a primitive submarine that you want to be waterproof.



    However, you quickly find out you need a pipe coming into the sub for air. So you run a pipe from inside of the sub through the hull and up above the surface. Now you have your air.



    However, you find out that harmful water can potentially get into the sub through the air-pipe. So you decide to make a watertight room INSIDE the sub, to be able to isolate it from critical parts of the sub. But you need air to some of the critical parts, so you allow holes in the wall of the watertight room so air can get to other parts of the sub, but you try to make these so that only air gets through and stops water.



    Then Adobe comes along and needs their air from the "watertight room", so they punch a square hole in the wall and run a round pipe through it, which they have permission to do since you "authorized" the installation.



    So, since you have control of the important rooms in the sub, you have to either build a new little room around the leaking pipe Adobe installed, to make sure their poorly made pipe doesn't allow water where it shouldn't be.



    - I'm probably totally wrong here... but oh well... it was fun.
  • Reply 9 of 25
    Quote:
    Originally Posted by IQ78 View Post


    Well, think of it this way.



    You have a primitive submarine that you want to be waterproof.



    However, you quickly find out you need a pipe coming into the sub for air. So you run a pipe from inside of the sub through the hull and up above the surface. Now you have your air.



    However, you find out that harmful water can potentially get into the sub through the air-pipe. So you decide to make a watertight room INSIDE the sub, to be able to isolate it from critical parts of the sub. But you need air to some of the critical parts, so you allow holes in the wall of the watertight room so air can get to other parts of the sub, but you try to make these so that only air gets through and stops water.



    Then Adobe comes along and needs their air from the "watertight room", so they punch a square hole in the wall and run a round pipe through it, which they have permission to do since you "authorized" the installation.



    So, since you have control of the important rooms in the sub, you have to either build a new little room around the leaking pipe Adobe installed, to make sure their poorly made pipe doesn't allow water where it shouldn't be.



    - I'm probably totally wrong here... but oh well... it was fun.



    That sounds about right. Would explain other updates that Apple has pushed to fix problems with Adobe software. In fact, it occurs to me now that the only third-party software you ever see fixes for in Apple's updates is Adobe, meaning either Apple really loves Adobe so much to do fixes for them, or Adobe's software is so bad yet so widespread that Apple fixes the holes they cause but refuse to fix just to keep things running more smoothly.
  • Reply 10 of 25
    I still have this feeling that Microsoft will kick Adobe ass in a near future, Apple cannot, it has already battled in too many fronts.

    Adobe could be the BEST software house on this planet. But strangely Adobe behave as if Microsoft is full of dumbs.
  • Reply 11 of 25
    Quote:
    Originally Posted by dazweeja View Post


    ...across many minor versions of Flash. This site is like the Fox News of tech reporting.



    Meaning it's just right?

  • Reply 12 of 25
    I'm not a programmer or anything, but I noticed that every time I run Disk Utility and repair permissions, almost every line of feedback notes that permissions have to be changed in relation to Java. Same thing after installing the latest OSX update.



    What, if anything, does this say about the code? Just curious.
  • Reply 13 of 25
    Oh God. Adobe is installing Windows XP on all of our Macs. Revolt!
  • Reply 14 of 25
    macrulezmacrulez Posts: 2,455member


    deleted

  • Reply 15 of 25
    So Apple *is* providing the latest and greatest Flash for end users on Snow Leopard. I thought they "hated it, was waging a war on Flash, condoning further Flash-bashing" etc. etc.



    But yeah, very Foxy Newsy of AI with this article.



    Remember, if you can't explain it, it's Terrorists. Or Obama. Or both.
  • Reply 16 of 25
    Bonus points for trying.



    Quote:
    Originally Posted by IQ78 View Post


    Well, think of it this way.



    You have a primitive submarine that you want to be waterproof.



    However, you quickly find out you need a pipe coming into the sub for air. So you run a pipe from inside of the sub through the hull and up above the surface. Now you have your air.



    However, you find out that harmful water can potentially get into the sub through the air-pipe. So you decide to make a watertight room INSIDE the sub, to be able to isolate it from critical parts of the sub. But you need air to some of the critical parts, so you allow holes in the wall of the watertight room so air can get to other parts of the sub, but you try to make these so that only air gets through and stops water.



    Then Adobe comes along and needs their air from the "watertight room", so they punch a square hole in the wall and run a round pipe through it, which they have permission to do since you "authorized" the installation.



    So, since you have control of the important rooms in the sub, you have to either build a new little room around the leaking pipe Adobe installed, to make sure their poorly made pipe doesn't allow water where it shouldn't be.



    - I'm probably totally wrong here... but oh well... it was fun.



  • Reply 17 of 25
    Quote:
    Originally Posted by AppleInsider View Post


    Apple has detailed the security issues patched by Mac OS X 10.6.5 and the corresponding Security Update 2010-007 for Mac OS X 10.5, indicating that more than half of the security vulnerabilities in Mac OS X actually affect the Adobe Flash plugin and X11.



    Of the 131 security vulnerabilities identified and patched by the latest Mac OS X update (cataloged by their public Common Vulnerabilities and Exposures or CVE ID), 16 are related to X11, an optional install which enables Mac OS X to run apps designed for the Unix X Window specification. Another five are related to features in Mac OS X Server that are missing in the desktop version.



    Nine more affect Apple's own QuickTime, one is related to the Mac OS X kernel, one affected Safari, and another 45 were found in various other code, including some that is proprietary to Apple (such as its AFP file server, CoreGraphics and CoreText) and some that is incorporated by Apple from open source projects into its operating system (including the Apache web server, CUPS printing, OpenLDAP, Python, and PHP).



    However, the most security vulnerabilities by far are associated with the Adobe Flash plugin, with a whopping 55 issues listed, the "most serious of which may lead to arbitrary code execution," Apple reports in its Apple Product Security update.



    This leaves little reason for wondering why Apple has worked to shed all third party platform code from its mobile iOS, including Java and Flash (and of course, X11).







    Security, battery issues unfortunate for Adobe



    The security issues related to Flash are in fact the stated reason why Apple is backing away from bundling the plugin with its new computers. Apple began shipping the MacBook Air without Flash installed, noting that customers could install the plugin on their own to ensure they had the latest, most secure version.



    However, testing indicates that in normal operation, Flash can also consume dramatic amounts of battery life just to animate web ads in the background, resulting in as much as two hours of lost productivity on a single charge.



    After that fact was publicized, Adobe's CTO Kevin Lynch lashed out at Apple, saying in an interview, "I just think there's this negative campaigning going on, and, for whatever reason, Apple is really choosing to incite it, and condone it."



    Lynch characterized Apple's exclusive support for HTML5 for displaying dynamic web content on iOS devices as "unfortunate" and "a blockade of certain types of expression," but also noted, "we support [standard based web development using] HTML. We're making tools for HTML5. It's a great opportunity for us."





    I agree with this post flash does cause a problem and uses a lot of battery when viewing news shows, playing games, and etc. It crashes quite a bit also as from my own experience I had with it recently. Jobs is right.
  • Reply 18 of 25
    macrulezmacrulez Posts: 2,455member
    deleted
  • Reply 19 of 25
    Quote:
    Originally Posted by MacRulez View Post


    True: by not showing multimedia content in web pages those pages take less horsepower to render.



    Whether Flash takes more horsepower than HTML5 to deliver *equivalent content* has not been tested yet beyond these results, which were not especially flattering to HTML5:

    http://forums.appleinsider.com/showp...6&postcount=44



    Tip: You can enjoy even longer battery life by just turning the device off.



    ha ha ha ha ha ha ha. Coffee spit out.
  • Reply 20 of 25
    razorpitrazorpit Posts: 1,796member
    Quote:
    Originally Posted by dazweeja View Post


    Apple just included Adobe's latest version of Flash in their update. There were 55 vulnerabilities fixed since the last version of Flash that Apple had included in their updates. These were spread across many minor versions of Flash. This site is like the Fox News of tech reporting.



    Well, I prefer this to the MSNBC/CNN version of new patch released, on to the next subject...
Sign In or Register to comment.