Apple blocks older versions of Adobe Flash Player in web plug-in update
In a support document published on Friday, Apple confirmed that it has blocked older versions of Flash to protect Safari users from recently discovered vulnerabilities in the web content player.
While Adobe has already fixed the flaws being exploited, Apple instituted the plug-in-blocking feature in its Safari web browser to safeguard users who may not have downloaded the latest patches. The change affects Macs running OS X Mountain Lion, Lion, and Snow Leopard.
From Apple's support document:
Adobe on Tuesday acknowledged the existence of three separate vulnerabilities being exploited in the wild, including one targeting the Firefox browser, and recommended users update to the latest Flash version.
With Flash being a popular form of content delivery on the web, nefarious programmers are constantly developing malicious software to take advantage of the player's many flaws. Most recently, Apple blocked Flash in early February to protect against a similar exploit.
While Adobe has already fixed the flaws being exploited, Apple instituted the plug-in-blocking feature in its Safari web browser to safeguard users who may not have downloaded the latest patches. The change affects Macs running OS X Mountain Lion, Lion, and Snow Leopard.
From Apple's support document:
Users who have not yet downloaded the most recent version of Flash, designated as version 11.6.602.171, will see a "Blocked Plug-in" alert in Safari. Selecting the prompt will bring up a pop-up window containing a link to download and install the most up-to-date version of Adobe's software.To help protect users from a recent vulnerability, Apple has updated the web plug-in-blocking mechanism to disable older versions of the web plug-in: Adobe Flash Player.
Adobe on Tuesday acknowledged the existence of three separate vulnerabilities being exploited in the wild, including one targeting the Firefox browser, and recommended users update to the latest Flash version.
With Flash being a popular form of content delivery on the web, nefarious programmers are constantly developing malicious software to take advantage of the player's many flaws. Most recently, Apple blocked Flash in early February to protect against a similar exploit.
Comments
They've been doing this for a few versions now, I think.
It should be the user's choice. For example when I am far away from fast Internet and only have 3G, I suddenly discover that the latest Safari which I updated before leaving on my mapping excursion has blocked Flash, effectively preventing me from updating my Open Street Maps project which runs in Flash.
Edit: Of course now I know and I could always use Chrome but still...
What a merry jig to dance to!
Me, I've uninstalled Flash altogether and haven't looked back. If there's flash content I need to view, I'll fire up Chrome, which has Flash embedded. Then when I'm done viewing, I switch back to Safari. I will not have my machine infected due to some crappy plugin! BTW, most newer YouTube videos work in Safari HTML5 just fine.
Quote:
Originally Posted by mstone
It should be the user's choice.
I disagree.
With all of these potential security holes and attacks that we're reading about, they should be plugged immediately. If somebody needs to use Javascript or Java, then they should be on the very newest version, otherwise too bad for them.
It's good that Apple is staying on top of things and fixing things quickly.
If something bad were to happen to somebody using one of the older versions, then I bet that they would blame it on Apple.
Quote:
Originally Posted by mstone
It should be the user's choice. For example when I am far away from fast Internet and only have 3G, I suddenly discover that the latest Safari which I updated before leaving on my mapping excursion has blocked Flash, effectively preventing me from updating my Open Street Maps project which runs in Flash.
Giving how press media drool over any security issue could affected the MacOS, I understand well why Apple implemented this feature by default. Any user knowledgeable enough knows how google a way to disable Xprotect
As far i'm concern, flash won't die soon enough.
Quote:
Originally Posted by mstone
It should be the user's choice. For example when I am far away from fast Internet and only have 3G, I suddenly discover that the latest Safari which I updated before leaving on my mapping excursion has blocked Flash, effectively preventing me from updating my Open Street Maps project which runs in Flash.
Edit: Of course now I know and I could always use Chrome but still...
Yeah, the problem with "user choice" is that most users choose not to update. I oversee a lot of Mac and Windows users, and I see this happen all. the. time.
Particularly with Java on Windows, where it prompts the user to update seemingly every week. When I ask, they say they've just learned to ignore it because it pops up all the time. My solution is to uninstall it. I tell them, "There, problem solved. You don't need it."
For the sake of the Internet at large, I'm thankful that many of these front-line programs (like browsers) and plugins (Flash) are starting to in invisible updates.
Quote:
Originally Posted by Apple ][
Quote:
Originally Posted by mstone
It should be the user's choice.
I disagree.
With all of these potential security holes and attacks that we're reading about, they should be plugged immediately. If somebody needs to use Javascript or Java, then they should be on the very newest version, otherwise too bad for them.
It's good that Apple is staying on top of things and fixing things quickly.
If something bad were to happen to somebody using one of the older versions, then I bet that they would blame it on Apple.
I am not sure how the blocking is initiated. If while updating Safari the installer alerts you that your old Flash has been disabled, I would be fine with that. I just don't want to be surprised at an inopportune time. If Apple was really trying to protect the user, they should block old Flash in all other browsers as well to completely mitigate the risk. If they are going to do this, it should be system wide and handled by OS X not Safari. That way people would know to update Flash while they are on fast networks not in the field.
I'm getting REALLY f***ing sick of updating Flash and Java every two days. There should be a class action lawsuit against Adobe and Oracle for making us keep the two most poorly written programs ever written on our computers.
Quote:
Originally Posted by Apple ][
I disagree.
With all of these potential security holes and attacks that we're reading about, they should be plugged immediately. If somebody needs to use Javascript or Java, then they should be on the very newest version, otherwise too bad for them.
It's good that Apple is staying on top of things and fixing things quickly.
If something bad were to happen to somebody using one of the older versions, then I bet that they would blame it on Apple.
While it may be good for the end user, from a person who runs Macs in an educational IT environment its a very large pain in the ass. It seems like every other god damn day I have to push out either a Java update or a Flash update. And, I can't just disable Flash and Java altogether as both required for many different educational programs and websites.
Apple's getting the blame anyways because Flash never works because they keep disabling it. Not every users knows how to go out and update Flash player all the time. Its getting to the point where people don't want to use the Macs because they never work in their eyes.
Therefore, let me decide on whether or not I want to disable flash. Its my network so let ME decide!
Quote:
Originally Posted by mstone
It should be the user's choice.
Then nothing would get updated. We're talking about the typical unaware user here. And when that unaware, clueless user gets nailed with malware that wipes their bank account out, who will they blame? Not themselves, of course, and not Adobe either. They will blame Apple. They always blame Apple. The tech media always blames Apple too...for everything. Force these users to update, no choice, no options.
Quote:
Originally Posted by bdkennedy1
I'm getting REALLY f***ing sick of updating Flash and Java every two days. There should be a class action lawsuit against Adobe and Oracle for making us keep the two most poorly written programs ever written on our computers.
I don't think they are poorly written just that they are extremely complex and have a lot of power to interact with the file system and the network. There was a time when even Javascript was a major security risk also, and there is always the potential that it could again be exploited. You know what they say about computers security. The only safe computer is one that is unplugged and turned off.
I swear every single day there's at least one headline about either big flash or adobe reader vulnerability. Unreal. And people crucified Apple on their decision to try and get rid of flash on mobile devices?
Quote:
Originally Posted by macxpress
Not every users knows how to go out and update Flash player all the time.
And many of the users don't have permission to update software. Only administrators are allowed to update applications in typical educational and most corporate environments which could cause havoc if all the users needed the IT admin at the exact same time.
Quote:
Originally Posted by macxpress
While it may be good for the end user, from a person who runs Macs in an educational IT environment its a very large pain in the ass. It seems like every other god damn day I have to push out either a Java update or a Flash update. And, I can't just disable Flash and Java altogether as both required for many different educational programs and websites.
Apple's getting the blame anyways because Flash never works because they keep disabling it. Not every users knows how to go out and update Flash player all the time. Its getting to the point where people don't want to use the Macs because they never work in their eyes.
Therefore, let me decide on whether or not I want to disable flash. Its my network so let ME decide!
So you're saying that you would rather have X number of machines on your network with known vulnerabilities than have to deal with a user that whines that Flash is broken. Ooookay. I'm glad you work at an educational institution and not a bank or company that handles personal client info. For us, a known vulnerability on our network simply isn't tolerable.
Quote:
Originally Posted by Apple ][
I disagree.
With all of these potential security holes and attacks that we're reading about, they should be plugged immediately. If somebody needs to use Javascript or Java, then they should be on the very newest version, otherwise too bad for them.
It's good that Apple is staying on top of things and fixing things quickly.
If something bad were to happen to somebody using one of the older versions, then I bet that they would blame it on Apple.
Can you explain how I can choose to only use "the very newest version" of JavaScript in Safari?
Well I guess I found out how it works. I just went to AI home page and Safari popped up the warning. I appreciate the notice but I can see how disabling the plug in automatically can be very inconvenient under certain circumstances. I use Safari as my default browser but given that they can disable my Flash whenever they feel like it, I probably should switch to Chrome.