Software updates bring Flashback removal, Flash disabling to OS X Leopard

Posted:
in macOS edited January 2014
Apple on Monday released two software updates that bring recent OS X Lion security fixes regarding Java and Adobe Flash Player to Macs running previous generation operating system OS X 10.5 Leopard.

One month after rolling out a dedicated Flashback malware removal tool for OS X 10.7 Lion, Apple has released a "Leopard Flashback Removal Security Update" for the legacy OS.

The 1.23MB download will scan a Mac's hard drive for the Flashback trojan and, if found, will remove the malicious code that at one point affected over 600,000 Macs worldwide. The security update also disables the Java plug-in in Safari, though users can reactivate it by navigating to the Security tab in Safari > Preferences.

Mac OS X Leopard's second update disables versions of Adobe's Flash Player in Safari that do not have the most current security protocols. If detected, Leopard will display a dialog notifying users that the latest Flash Player is not running and will provide a link to the appropriate download. A similar fix was provided last week in a Safari update that followed the rollout of OS X Lion 10.7.4.

Leopard Security Update 2012-003 weighs in at 1.11MB and can be downloaded via Software Update or Apple's Support page.
«1

Comments

  • Reply 1 of 25
    gazoobeegazoobee Posts: 3,754member

    Quote:

    Originally Posted by AppleInsider View Post



    Apple on Monday released two software updates that bring recent OS X Lion security fixes regarding Java and Adobe Flash Player to Macs running previous generation operating system OS X 10.5 Leopard.

    One month after rolling out a dedicated Flashback malware removal tool for OS X 10.7 Lion, Apple has released a "Leopard Flashback Removal Security Update" for the legacy OS.

    The 1.23MB download will scan a Mac's hard drive for the Flashback trojan and, if found, will remove the malicious code that at one point affected over 600,000 Macs worldwide. The security update also disables the Java plug-in in Safari, though users can reactivate it by navigating to the Security tab in Safari > Preferences.

    Mac OS X Leopard's second update disables versions of Adobe's Flash Player in Safari that do not have the most current security protocols. If detected, Leopard will display a dialog notifying users that the latest Flash Player is not running and will provide a link to the appropriate download. A similar fix was provided last week in a Safari update that followed the rollout of OS X Lion 10.7.4.

    Leopard Security Update 2012-003 weighs in at 1.11MB and can be downloaded via Software Update or Apple's Support page.


    Love it. :)


     


    I've been saying for years that people should just get real and toss Java and Flash out the window.  


    Unless you work in a corporate environment there are few good reasons for a consumer to use Java at all.  


     


    Disable both of those and you are safe as houses for the most part. 

  • Reply 2 of 25
    Yay my mac mini can live again.
  • Reply 3 of 25
    slurpyslurpy Posts: 5,382member


    Cue all the bashers shrieking that Apple is TAKING AWAY OUR FREEDOM and ITS A SLIPPERY SLOPE.


     


    It's a good move. Flash is a horrendously coded and incredibly insecure piece of software, the sooner its completely dead the better. 

  • Reply 4 of 25
    relicrelic Posts: 4,735member
    gazoobee wrote: »
    Love it. :)

    I've been saying for years that people should just get real and toss Java and Flash out the window.  
    Unless you work in a corporate environment there are few good reasons for a consumer to use Java at all.  

    Disable both of those and you are safe as houses for the most part. 

    Well until sites stop using Flash completely then what are you going to do. As I live in Switzerland the only way I can watch US TV is from sites that only use Flash, no I'm not going use iTunes for free TV. It sucks but what are you going to do. If you want to see what a modern Flash site can do check out this -> http://www.audiotool.com/app . I'm not promoting Flash, if HTML5 is better then so be it but where are all the sites. I agree about Java though, most consumers don't need it unless you use OpenOffice, LibreOffice, NetBeans, Eclipse, Thinkfree, UltraMixer, Zend Studio, Oxygen, Grokker, SquirrelSQL, DANA, Elluminate, ect. or work in a corporate environment like you said. I like Java but I have been a programmer for a very long time, your right however most consumers don't need it. Even though there are some pretty incredible programs available.
  • Reply 5 of 25
    jragostajragosta Posts: 10,473member
    The 1.23MB <a href="http://support.apple.com/kb/DL1534">download</a> will scan a Mac's hard drive for the Flashback trojan and, if found, will remove the malicious code that at one point affected over <a href="http://www.appleinsider.com/articles/12/04/05/flashback_trojan_estimated_to_have_infected_600k_macs_worldwide.html">600,000</a> Macs worldwide.

    You left out "allegedly reported as 600,000 Macs by a company which was trying to fool people into buying its product".

    The 600,000 number was pretty thoroughly debunked.
  • Reply 6 of 25

    Quote:


    Well until sites stop using Flash completely then what are you going to do.



     


    If your Macintosh will support it, you can upgrade to a later version of Mac OS X that is still receiving regular security updates (and that is supported by a current version of Adobe Flash or a patched release of the Java runtime). Mac OS X 10.7 seemingly does not include Java as part of a default installation. Though I think Intel-based Macintosh users on 10.5 can still get Flash Player 10.3 with current security patches, there is no corresponding PowerPC release of the Flash Player. (Yet another reason to utterly despise Adobe, although Flash Player was getting pretty draggy on PPC, at least up to a 1.25 GHz G4.)


     


    In the event that you cannot move to a newer OS or Macintosh computer, you might be able to use something like HTML5 video with some sites.


     


    The delivery of this update is rather unique in that Apple has tradtionally supported only one version of Mac OS X behind the current release. I take this to mean that such a policy might be revised if the issue is serious enough, as Flashback may well be.


     


    I haven't tried it yet, but I wonder if this 10.5 updater is available for PowerPC as well. That would really be amazing, considering how quickly Apple turned away from that platform.

  • Reply 7 of 25
    relicrelic Posts: 4,735member
    jragosta wrote: »
    You left out "allegedly reported as 600,000 Macs by a company which was trying to fool people into buying its product".
    The 600,000 number was pretty thoroughly debunked.

    Aaahhh, I'm getting so tired of this mightier then thou attitude that some of you forum members exhibit when it comes to negative news about Apple. Let me ask you a question, how long did it take for Apple to actually come out and say there was a problem and to release a fix, 2 months. I knew about Flashback when Oracle released their patch 2 months ago, where was Apple? Hey, don't get me wrong I believe a lot of the fault lies with the users downloading every crappy freeware they can get there hands on but I'm also not going to jump in front to catch a bullet for any company when they screw up. Why is it so hard to be critical of Apple when they blatantly dropped the ball on this. Yes Java has security issues but Apple was the one who had to have their own Java version because apparently using the company's version that invented the damn thing wasn't good enough, but hey they managed to patch theirs 2 months prior. So if your going to have your own version, then support it, patch it when there is a problem. This wouldn't have been in a problem when Oracle issued the warning and Apple would have jumped all over it patched it then or at least say we are also working on a patch, please be patient. No, instead it's like every other problem Apple has had in the past, wait till the villagers are at the draw bridge with pitch forks and torches before they move on it.

    Yes, I'm with a lot of you, consumers don't need Java unless they're running a specific program that requires it. In that case, please always use the version from Oracle, it's a lot more stable and wouldn't you know it, better security.

    Rant over, you may now commence calling me an Apple hater.........
  • Reply 8 of 25
    relicrelic Posts: 4,735member
    If your Macintosh will support it, you can upgrade to a later version of Mac OS X that is still receiving regular security updates (and that is supported by a current version of Adobe Flash or a patched release of the Java runtime). Mac OS X 10.7 seemingly does not include Java as part of a default installation. Though I think Intel-based Macintosh users on 10.5 can still get Flash Player 10.3 with current security patches, there is no corresponding PowerPC release of the Flash Player. (Yet another reason to utterly despise Adobe, although Flash Player was getting pretty draggy on PPC, at least up to a 1.25 GHz G4.)

    In the event that you cannot move to a newer OS or Macintosh computer, you might be able to use something like HTML5 video with some sites.

    The delivery of this update is rather unique in that Apple has tradtionally supported only one version of Mac OS X behind the current release. I take this to mean that such a policy might be revised if the issue is serious enough, as Flashback may well be.

    I haven't tried it yet, but I wonder if this 10.5 updater is available for PowerPC as well. That would really be amazing, considering how quickly Apple turned away from that platform.

    Hmm good question, I still have a functional Macbook 12" 1.5GHZ, I can try it out. Still love that thing, one of my favorite Apple notebooks next to the Powerbook 2400. My 2400 had a custom clear body I bought from a guy in Tokyo, I even found a clear blue keyboard to go with it. I sold it back in 2001 for 2,000 CHF, idiot. I needed the cash for the Titanium so what's a girl to do. Oh the Titanium, lovely machine flimsy joints. It's funny about Flash, Adobe said no more mobile versions but they update the damn thing every 2 weeks. Look at the build numbers for the normal desktop they match the mobile version, dead my butt. Wait, hold on, yep the Android version was last updated on May 4th, performance improvements, bug fixes and stability issues, yea this thing isn't going anywhere soon.
  • Reply 9 of 25
    libertyforalllibertyforall Posts: 1,418member


    Would be nice if Apple provided a few more Safari updates as well for the 10.5.8 PPC stalwarts too!  ;)  

  • Reply 10 of 25
    relicrelic Posts: 4,735member
    Would be nice if Apple provided a few more Safari updates as well for the 10.5.8 PPC stalwarts too!  ;)  

    I've never been a big fan of Safari. I always found Firefox and Chrome to be better browsers. However for PowerPC then yes Safari would be the way to go. I know this is going to sound strange but have you given it much thought about installing Linux on your PowerPC machine. Arch Linux for instance runs extremely well or maybe even Debian. You should check it out, install Gnome 3 on it while your at it and you should find it to be quite a nice experience. I still like the PowerPC cpu, I think if configured correctly with a well tuned OS you can still have one hell of a machine.
  • Reply 11 of 25
    obamaobama Posts: 62member
    slurpy wrote: »
    Cue all the bashers shrieking that Apple is TAKING AWAY OUR FREEDOM and ITS A SLIPPERY SLOPE.

    It's a good move. Flash is a horrendously coded and incredibly insecure piece of software, the sooner its completely dead the better. 

    I completely agree with you.

    Until I visit a website with Flash content. Then I completely disagree with you.
  • Reply 12 of 25
    relicrelic Posts: 4,735member
    obama wrote: »
    I completely agree with you.
    Until I visit a website with Flash content. Then I completely disagree with you.

    Hehe, well put sir, well put.
  • Reply 13 of 25
    andyappleandyapple Posts: 152member

    Quote:

    Originally Posted by UnexpectedBill View Post


     


    I haven't tried it yet, but I wonder if this 10.5 updater is available for PowerPC as well. That would really be amazing, considering how quickly Apple turned away from that platform.



    Nope, no security update for Leopard on PPC as of this moment.


     


    As G4 Macs do not support the latest version of Flash this does not surprise me.

  • Reply 14 of 25
    relicrelic Posts: 4,735member
    andyapple wrote: »
    Nope, no security update for Leopard on PPC as of this moment.

    As G4 Macs do not support the latest version of Flash this does not surprise me.

    I don't think there is a virus or malware that exists on PPC anymore so who really cares about a security update, I was more interested in perhaps getting a little more speed.
  • Reply 15 of 25
    tallest skiltallest skil Posts: 43,388member

    Quote:

    Originally Posted by Relic View Post

    …I was more interested in perhaps getting a little more speed.


     


    Uninstall Flash, then.

  • Reply 16 of 25
    relicrelic Posts: 4,735member
    Uninstall Flash, then.


    Uuuuuuhhh nnnoooooooo.
  • Reply 17 of 25
    tallest skiltallest skil Posts: 43,388member

    Quote:

    Originally Posted by Relic View Post

    Uuuuuuhhh nnnoooooooo.


     


    Then you can't complain about speed.

  • Reply 18 of 25
    robotonerobotone Posts: 16member

    Quote:

    Originally Posted by jragosta View Post



    The 600,000 number was pretty thoroughly debunked.


    By whom, I thought the number was slightly larger?

  • Reply 19 of 25
    jragostajragosta Posts: 10,473member
    robotone wrote: »
    By whom, I thought the number was slightly larger?

    The number of infected computers reportedly dropped from 600,000 to 200,000 three days BEFORE Apple released a fix-and this drop occurred in one day. There was a command line fix earlier, but very few people would have used that - and it would have led to a gradual decline rather than a precipitous drop.

    Furthermore, there were some serious questions about how they managed to track the 'infection' without having access to the servers. Unless they were monitoring all the Internet access of many thousands of computers, it would not have been possible.

    Finally, look at the numbers. They reported infection numbers of 0.1% in a number of countries. That means that they would have had to monitor a minimum of 1,000 computers in each of those countries - which means that they would have had to be monitoring many tens of thousands of computers.

    It was all discussed in detail when this story first came out.

    Of course, there is also the morality issue. If they knew about 600,000 infected computers, why did they not notify the people?
    relic wrote: »
    Aaahhh, I'm getting so tired of this mightier then thou attitude that some of you forum members exhibit when it comes to negative news about Apple. Let me ask you a question, how long did it take for Apple to actually come out and say there was a problem and to release a fix, 2 months. I knew about Flashback when Oracle released their patch 2 months ago, where was Apple?

    So pointing out that the number is bogus is a 'mightier than thou attitude'?

    They were criticized because the numbers are BS - not because they were critical of Apple.
  • Reply 20 of 25
    nvidia2008nvidia2008 Posts: 9,262member

    Quote:

    Originally Posted by Tallest Skil View Post


    Uninstall Flash, then.



     


    DoNE! :)


     


    May I pay a small tribute though to Dave Hillman Curtis, who recently passed away at quite a young age. He is credited with revolutionising Flash in the early part of last decade. While some may be critical of him, his early Flash thoughts were developing rich sites and not abusing it with flashy ads. For example, he famously wrote that the "Loading" screen should never say "Loading", or something to that effect. That is, why should the user care that it is loading, surely some other things can be done while it is "loading" ~ hence preloaders that were more than just a progress bar. He explored various interactive media issues and commented on them in ways that still apply to all new media today, from apps through to the self check-in kiosk at the airport. RIP Dave, RIP Adobe Flash.

Sign In or Register to comment.