Apple decision to disable old Flash versions lauded by Adobe security chief

Posted:
in General Discussion edited January 2014
Adobe's senior director of security praised Apple for rolling out a Safari update on Wednesday that disabled old Flash Player versions that may be vulnerable to malicious code.

Adobe Senior Director of Security, Products and Services Brad Arkin commended Apple's move to automatically disable obsolete versions of his company's Flash Player in a Wednesday blog post, reports MacWorld.

"We welcome today's initiative by Apple to encourage Mac users to stay up-to-date," Arkin wrote yesterday in a post on the Adobe Secure Software Engineering Team (ASSET) blog. "Remember: The single most important thing we can do to protect ourselves from the bad guys is to stay up-to-date. A thank you to the security team at Apple for working with us to help protect our mutual customers!"

The post was in response to Apple's Safari 5.1.7 update that runs on OS X Lion, Snow Leopard and Windows 7, XP, and Vista. Flash software older than version 10.1.102.64, which dates back to November 2010, are automatically disabled in the update which leaves users to manually reinstate the software if they want to use legacy players.

Arkin went on to recap the steps Adobe is taking with its various product lines, background updating for example, to ensure the security of its customers. While not all of Adobe's automated updating tools are available to Mac users, the security chief did note that the company is continuing to develop products for Apple's OS.

"A Mac version of the Flash Player background updater is currently in beta and will be available very soon—stay tuned," Arkin said.

Adobe released an emergency update to fix a cross-platform Flash exploit less than a week ago and while many Windows PCs were automatically fixed, Mac users were left to install the software manually.


Brad Arkin
Adobe security chief Brad Arkin speaking in a company video. | Source: Adobe


Apple and Adobe's relationship has been somewhat strained since Steve Jobs wrote an open letter in 2010 that described Flash as being a PC-era format that "falls short" in the current low-power mobile computing environment.

Later in 2011 Adobe CEO Shantanu Narayen downplayed the Flash on iOS debacle, saying that the dispute was over. He went on to predict that Flash-packing Android tablets would one day dominate Apple's iPad and that HP and RIM would make headway in the enterprise tablet market. Five months later Adobe announced that it was halting further development of Flash for mobile devices, saying that it was turning its focus to HTML5 and AdobeAIR instead.

Comments

  • Reply 1 of 17
    tallest skiltallest skil Posts: 43,399member


    Ah, so all the people on here whining about how terrible it is that Apple did this… and Adobe themselves are behind the decision. Nice.

  • Reply 2 of 17
    londorlondor Posts: 256member

    Quote:

    Originally Posted by Tallest Skil View Post


    Ah, so all the people on here whining about how terrible it is that Apple did this.



     


    Why is it terrible? You can re-enable the out of date plug-in if you want to. I just don't get why some people are complaining.


     


    http://support.apple.com/kb/HT5271

  • Reply 3 of 17
    poochpooch Posts: 768member

    Quote:

    Originally Posted by Tallest Skil View Post


    Ah, so all the people on here whining about how terrible it is that Apple did this… and Adobe themselves are behind the decision. Nice.





    who is whining and where?  in this thread, yours is the first and only comment thus far.  if you're referring to the 5.1.7 announcement, there are about 30 comments, only two of which are critical about the update, and only one of those two is "whiny". 

  • Reply 4 of 17
    gtrgtr Posts: 3,231member


    If the best idea in the room isn't yours, then the best idea is to back to the hilt whoever thought of it.


     


    Anybody here familiar with Adobe PR speak?


     


    Does 'very soon' mean 'Half Life 3 soon' or 'fixing mobile Flash soon' or is he referring to something that we may see within a year or so?

  • Reply 5 of 17
    orthorimorthorim Posts: 142member


    "Whooo Apple is fixing our problems"


     


    The real solution will be when they properly sandbox Flash.


     


    Another thing I absolutely don't get is Adobe's "update Flash" popup - Flash should not be allowed to show such a popup (link to install some software which may or may not be a spoof). Not in a million years. Even if they were allowed, they shouldn't do it - the official update prompt looks like malware. And malware is already made to look exactly like the official install prompt. They should be allowed to present a link which then goes to the official installer page. Or just do away with it and silently auto-update in the background, the way Google does it. 


     


    Sigh. Flash is such Bullshit.


     


    /rant 


     


    ;)

  • Reply 6 of 17
    gtrgtr Posts: 3,231member

    Quote:

    Originally Posted by orthorim View Post


    "Whooo Apple is fixing our problems"


     


    The real solution will be when they properly sandbox Flash.


     


    Another thing I absolutely don't get is Adobe's "update Flash" popup - Flash should not be allowed to show such a popup (link to install some software which may or may not be a spoof). Not in a million years. Even if they were allowed, they shouldn't do it - the official update prompt looks like malware. And malware is already made to look exactly like the official install prompt. They should be allowed to present a link which then goes to the official installer page. Or just do away with it and silently auto-update in the background, the way Google does it. 


     


    Sigh. Flash is such Bullshit.


     


    /rant 


     


    ;)



     


    That's no rant.


     


    That's a genuine concern, and I utterly agree.


     


    Whenever I get my little 'update Flash' window I dutifully close it, go into System Preferences and update Flash from there.


     


    Adobe's updater does look like potential malware.

  • Reply 7 of 17
    christophbchristophb Posts: 1,452member
    gtr wrote: »
    That's no rant.

    That's a genuine concern, and I utterly agree.

    Whenever I get my little 'update Flash' window I dutifully close it, go into System Preferences and update Flash from there.

    Adobe's updater does look like potential malware.

    I agree with the decision. It's for Apple and Adobe's mutual benefit. It's business... Smart business.
  • Reply 8 of 17
    jeffdmjeffdm Posts: 12,946member
    Apple and Adobe agree on something with respect to Flash. Did anyone see avian swine around here?

    orthorim wrote: »
    "Whooo Apple is fixing our problems"

    The real solution will be when they properly sandbox Flash.

    Another thing I absolutely don't get is Adobe's "update Flash" popup - Flash should not be allowed to show such a popup (link to install some software which may or may not be a spoof). Not in a million years. Even if they were allowed, they shouldn't do it - the official update prompt looks like malware. And malware is already made to look exactly like the official install prompt. They should be allowed to present a link which then goes to the official installer page. Or just do away with it and silently auto-update in the background, the way Google does it. 

    I agree, I was very wary of the pop-up. I think they're offering auto-updates, which might be a good solution.
  • Reply 9 of 17
    lkrupplkrupp Posts: 6,789member


    Wait, Adobe has a security chief? I did not know that.

  • Reply 10 of 17
    tallest skiltallest skil Posts: 43,399member

    Quote:

    Originally Posted by JeffDM View Post

    Apple and Adobe agree on something with respect to Flash. Did anyone see avian swine around here?


     


    Well, that's that. Stock up on nonperishables, everyone, the zombie apocalypse is upon us. Remember those bird flu scares? And those swine flu scares?



    The viruses have crossbred and it's gonna kill us all. Well, at least the ones that aren't immune. Good news is, if you are immune, you get to fight off the undead hordes of everyone else. 


     


    Why's that good news? Because when everyone's an undead zombie, you can kill them all, and with them all dead, nothing will stop you from waltzing into Infinite Loop 6 and getting your hands on the next iPhone!


     


    Though it'll probably be a while before civilization rebuilds itself to the point where we can take advantage of LTE again. And… charge batteries. So! The faster the survivors kill off the zombies, the faster you can get to repopulating and the faster you can use your new iPhone!


     


    Quote:

    Originally Posted by lkrupp View Post

    Wait, Adobe has a security chief? I did not know that.


     


    Pretty easy to miss. Don't beat yourself up over it. image

  • Reply 11 of 17
    cgjcgj Posts: 276member
    The 5.1.7 update was so effective.

    It didn't stop m using Flash, yet I was a whole update behind.

    Latest: 11.2.202.235
    Mine was: 11.1.203.306

    Obviously it only works if you have the Flash System Preferences plugin
  • Reply 12 of 17
    eksodoseksodos Posts: 186member


    This update blew me away in terms of efficiency and implementation. It truly is a great update for consumers.

  • Reply 13 of 17


    As a sometime Flash developer -- I laud it too.


     


    Having to design for "version 8 or 9" of Flash so that MOST people can view your content is a pain. If you GUARANTEE that everyone is using Flash version 11 -- it gets rid of the Lowest Common denominator.


     


    People would upgrade more if it was automatic in a "trusted" environment. It's been attempted before -- by Microsoft -- but in an ad hoc manner.


     


    The App Store Apple is pushing does a great job of creating a "trusted environment" -- but if there were a million flavors of the "iOS platform" like you had with Android -- people would turn it off because they just want to stay with "what works." Only in a vertical environment of enforced standards can automatic upgrades and trusted software really work.


     


    >> That can be a blessing and a curse; If Apple ever becomes the dominant platform -- the FEES charged by the App Store will have to be revisited. Sure, 30% is a no-brainer for a small software foundry that had to do their own marketing and distribution before -- you can get a 100% of nothing + Expenses or 70% of something with almost NOT expenses. But when you have NO CHOICE but to deliver via the App Store -- it has to become like a Utility.


     


    WE are not there yet -- but there will come the day. If you cannot distribute on anything but the App Store in a reasonable way -- the fee should be around 5% or NONE AT ALL. It becomes like public utility at that point. The INTERNET should have been the same -- because the main expense for the infrastructure was and is paid for by the Taxpayer -- but ISPs charge for a "service" to provide the last mile connection and act as gatekeepers to something they never created or maintain.


     


    The "World Wide Web" is a system where an URL finds an IP address for us -- it's distributed to our Internet Providers (but doesn't HAVE to be -- it just speeds it up). For instance; without a "Man In the Middle" attack, we usually can trust that "applesider.com" goes to this website. The App Store doesn't create the software -- it's just a reliable way to police for incompatible and trojan horse laden shovelware. It's a public service with a single provider.


     


    If Apple grows to over 30 or 50% of the market -- and our anti-trust system is STILL FUNCTIONING (big "IF" actually) then I fully expect that the App Store is going to have to find a new way to get revenue or drastically reduce it's markup.

  • Reply 14 of 17
    jeffdmjeffdm Posts: 12,946member
    As a sometime Flash developer -- I laud it too.

    Having to design for "version 8 or 9" of Flash so that MOST people can view your content is a pain. If you GUARANTEE that everyone is using Flash version 11 -- it gets rid of the Lowest Common denominator.

    People would upgrade more if it was automatic in a "trusted" environment. It's been attempted before -- by Microsoft -- but in an ad hoc manner.

    The App Store Apple is pushing does a great job of creating a "trusted environment" -- but if there were a million flavors of the "iOS platform" like you had with Android -- people would turn it off because they just want to stay with "what works." Only in a vertical environment of enforced standards can automatic upgrades and trusted software really work.

    >> That can be a blessing and a curse; If Apple ever becomes the dominant platform -- the FEES charged by the App Store will have to be revisited. Sure, 30% is a no-brainer for a small software foundry that had to do their own marketing and distribution before -- you can get a 100% of nothing + Expenses or 70% of something with almost NOT expenses. But when you have NO CHOICE but to deliver via the App Store -- it has to become like a Utility.

    WE are not there yet -- but there will come the day. If you cannot distribute on anything but the App Store in a reasonable way -- the fee should be around 5% or NONE AT ALL. It becomes like public utility at that point. The INTERNET should have been the same -- because the main expense for the infrastructure was and is paid for by the Taxpayer -- but ISPs charge for a "service" to provide the last mile connection and act as gatekeepers to something they never created or maintain.

    The "World Wide Web" is a system where an URL finds an IP address for us -- it's distributed to our Internet Providers (but doesn't HAVE to be -- it just speeds it up). For instance; without a "Man In the Middle" attack, we usually can trust that "applesider.com" goes to this website. The App Store doesn't create the software -- it's just a reliable way to police for incompatible and trojan horse laden shovelware. It's a public service with a single provider.

    If Apple grows to over 30 or 50% of the market -- and our anti-trust system is STILL FUNCTIONING (big "IF" actually) then I fully expect that the App Store is going to have to find a new way to get revenue or drastically reduce it's markup.

    I'm sorry, but what? Microsoft has escaped antitrust with larger market shares than that. I doubt Mac OS X will ever get that large of a market share.

    Your 5% cut sounds highly entitled to me. 30% is actually a very reasonable cut. You don't account for credit card transaction fees (which can get to 5% alone), servers, maintenance, infrastructure, data center costs, curating the store. It's not a profit center like you want to think of it. Data centers cost billions a pop, and Apple has several to support their app and content stores, and provide iCloud to all Apple users ad free and without charge, up to 5GB.

    Internet backbones are not government owned or maintained. The only thing government owned is the right of way.

    When you get a better understanding of the real world, then you won't be saying such things.
  • Reply 15 of 17


    ...

  • Reply 16 of 17


    They have an auto updater. Why wouldn't this be to their benefit? It helps their reputation for security and it's about to become a non issue anyway. They have a 96% install base in browsers, but only 50% is currently up to the latest greatest player. Disabling old plugins and silently updating new ones is a great way for them to eliminate security issues and push technology adoption forward faster.

  • Reply 17 of 17
    tallest skiltallest skil Posts: 43,399member

    Quote:

    Originally Posted by jeffreytgilbert View Post

    Adobe just got trolled so hard... epic. all they had to do was shut up. lol


     


    lolololololololololololoolololoololl!!!!11!!!!!!!oneoneonetwotwothreeoneelevenmilliononehundredeleventhousandonehundredeleven


     


    Come off it.


     


    Quote:



    Safari is, what, 8% of the browser market? Why are they even entertaining this when they know they have an autoupdater on the horizon.




     


    Having what to do with anything?

Sign In or Register to comment.