Apple blocks older Flash plug-in versions in Safari due to vulnerability
Apple late Thursday issued a security message saying it has blocked old versions of Adobe's Flash Player plug-in for Safari, citing a recent flaw that could potentially allow hackers to harvest browser data like cookies.
As noted in an updated support document regarding the issue, Apple has taken action against a recently discovered Flash vulnerability by restricting plug-in access through its Safari Web browser.
Users with out of date plug-ins will be met with a message saying, "Blocked plug-in," "Flash Security Alert" or "Flash out-of-date" when attempting to access Flash content in Safari. Clicking on the alert takes users to Adobe's Flash installer page, where the latest version of the plug-in can be downloaded and installed.
According to Adobe, the flaw can be found in Flash Player for Mac version 14.0.0.125 and earlier. After a proof-of-concept exploit was demonstrated by Google engineer Michele Spagnuolo, Adobe advised Mac users to update to version 14.0.0.145. Aside from OS X, Windows and Linux builds of Flash were also affected by the bug.
Users who need to run older, flawed versions of Flash may do so by configuring Safari's plug-in management settings to allow specific websites to "Run in Unsafe Mode." Re-enabling older Flash versions requires Safari 6.1 or later.
As noted in an updated support document regarding the issue, Apple has taken action against a recently discovered Flash vulnerability by restricting plug-in access through its Safari Web browser.
Users with out of date plug-ins will be met with a message saying, "Blocked plug-in," "Flash Security Alert" or "Flash out-of-date" when attempting to access Flash content in Safari. Clicking on the alert takes users to Adobe's Flash installer page, where the latest version of the plug-in can be downloaded and installed.
According to Adobe, the flaw can be found in Flash Player for Mac version 14.0.0.125 and earlier. After a proof-of-concept exploit was demonstrated by Google engineer Michele Spagnuolo, Adobe advised Mac users to update to version 14.0.0.145. Aside from OS X, Windows and Linux builds of Flash were also affected by the bug.
Users who need to run older, flawed versions of Flash may do so by configuring Safari's plug-in management settings to allow specific websites to "Run in Unsafe Mode." Re-enabling older Flash versions requires Safari 6.1 or later.
Comments
Good. Though haven’t they already been doing this with all older versions?
When are we going to see Flash and the inherited vulnerabilities be something of the past?
When Apple finally buys Adobe and shuts down everything but Photoshop and Illustrator.
“What about Light…”
Integrated into Photos.
“What about Prem…”
Integrated into Final Cut.
“What about After…”
Integrated into Motion.
“What about Audi…”
Integrated into Logic.
“What about Dream…”
It’s terrible. Use Coda.
“What about InDes…”
Integrated into Pages. Imagine how great Pages would be with professional layout tools!
Same here. And whenever I hit a site that uses Flash that I want to see, like Google Street View, I simply grab my 1st Gen iPad. Love that app from Apple. For regular webpages, irony to the max, I grab my other iPad and the site simply has the content in a different format. YouTube is one of those sites from Google that I think is truly despicable so I don't even go there.
Probably never. There's no reason why different tech can't both be alive. There's stuff Flash can do that HTML5 can't.
When Apple finally buys Adobe and shuts down everything but Photoshop and Illustrator.
“What about Light…”
Integrated into Photos.
“What about Prem…”
Integrated into Final Cut.
“What about After…”
Integrated into Motion.
“What about Audi…”
Integrated into Logic.
“What about Dream…”
It’s terrible. Use Coda.
“What about InDes…”
Integrated into Pages. Imagine how great Pages would be with professional layout tools!
As much as the idea of letting Apple's software lunatics get ahold of tools I depend on scares the crap out of me, I gotta admit I often finding myself wishing for an Apple designed UI when I use them. I'm sure the various procedures and tools make sense to the people who designed them, but DAMN they're confusing to me! I forced my way through a beginner's tutorial for After Effects and marvelled at how utterly impenetrable that app is. It made me wonder if Adobe makes more money on training than software sales.
What's 'Flash?'
I haven't had Flash installed in over 3 years now. In the last 24 months or so I think I have only had an issue where I was promoted to install Flash on a site maybe 3-4 times and all of those times I was able to access the content I needed anyways.
When are we going to see Flash and the inherited vulnerabilities be something of the past?
Don't I wish!
Although I've completely jettisoned Java, I do unfortunately have to run Flash on occasion. The answer in this case is to run a Flash blocker so the content doesn't auto run. Important because a lot of Flash content isn't sourced or controlled from the websites that tend to host it.
I tried to live without Flash when I got my new iMac but only lasted a week.
It was the lack of YouTube that made me give in. Despite them saying that most of their videos run in HTML 5, if you try it, you'll get a Flash pop up.
There IS no lack of YouTube. There has never BEEN a lack of YouTube. Every single YouTube video will play in a QuickTime window embedded into the page when you don’t have Flash installed.
Use ClickToFlash to force it.
For Click2Flash he'll need to install Flash first, no? Better to set your user agent to an iPad instead. And that's only the better option, the best is to not use YouTube, although it does cost them money so maybe we should all have a YouTube window running in the background 24/7 lol
Of course not. It’s just an extension.
Except then you get fed a completely worthless mobile version of the website.
Mental defectives, every single one of them. THE IDEA BEHIND THE IPHONE AND IPAD IS THAT YOU DON’T NEED A “MOBILE WEB” ANYMORE. STOP FORCIBLY REDIRECTING ME TO A MOBILE SITE. STOP MAKING IT IMPOSSIBLE FOR ME TO VIEW THE REAL SITE.
ClickToFlash+AdBlock=no ads on YouTube, anywhere. Combine that with Disconnect, Ghostery, and DoNotTrackMe and Google gets nothing from you.
When Apple finally buys Adobe and shuts down everything but Photoshop and Illustrator.
“What about Light…”
Integrated into Photos.
“What about Prem…”
Integrated into Final Cut.
“What about After…”
Integrated into Motion.
“What about Audi…”
Integrated into Logic.
“What about Dream…”
It’s terrible. Use Coda.
“What about InDes…”
Integrated into Pages. Imagine how great Pages would be with professional layout tools!
+1 ................ except for FrameMaker.
FrameMaker 9 & 10 will disappear as if they had never existed.
Adobe coders will be put back to work bringing this software to OS X.
Indeed, no 'mobile websites' anymore, please. Fine if they 'optimise' the page, but leave the basics intact so the experience is the same on an iPad and a desktop.
As for blocking Google out, you'll also need to disable 'Fraudulent Sites' the prefs:
Because I think when ticked on it sends the URL to Google when visiting a site. Correct?
https://developers.google.com/safe-browsing/
I don't think I'd do that myself. In the past few months Google has twice warned me of a fraudulent site posing as legit and directed me back to a safe page before any damage could be done. There's such a thing as cutting off your nose to spite your face.