Apple blocks old, unsafe Adobe Flash plug-in versions in OS X Safari

Posted:
in macOS edited October 2015
Following the discovery -- and subsequent fix -- of yet another critical Adobe Flash vulnerability last week, Apple activated its Web plug-in blocking capability for OS X Safari to protect Mac users from what Adobe describes as "limited, targeted attacks."




Apple posted a support document to its website on Monday saying Flash versions older than 19.0.0.226, or 18.0.0.255 on older machines, are now actively restricted from running on OS X. The precautionary measure is instituted to protect users unaware of the situation.

Adobe last week confirmed knowledge of the vulnerability, saying malicious users were conducting real-world attacks that "could cause a crash and potentially allow an attacker to take control of the affected system." A fix addressing the problem was pushed out on Friday.

As noted by Apple, Mac users running insecure Flash software will see the message "Blocked plug-in," "Flash Security Alert," or "Flash out-of-date." Clicking the alert link take users to Adobe's Flash installer page where the latest version of the plug-in can be downloaded and installed.

Apple is known be proactive in shielding unsuspecting customers from Flash vulnerabilities. The company activated its plug-in blocker last summer to protect against a flaw that allowed attackers to collect browser data, and most recently did the same in April.

Comments

  • Reply 1 of 12
    tyler82tyler82 Posts: 1,112member
    Adobe. As in mud. Makes perfect sense now.
  • Reply 2 of 12
    lkrupplkrupp Posts: 10,557member

    I took the plunge and uninstalled Flash after the latest critical security failure. I expected to suffer a bit when attempting to play videos but that really has’t happened. Most of the websites I visit regularly simply served up an HTML5 version that played fine. It’s mostly been news sites that tell me I can’t watch anything unless I have Flash. So far I can live without Flash okay.

     

    However, the combination of removing Flash and judicious use of Ghostery has dramatically improved my online browsing experience. Web pages snap open almost instantaneously. I can open an entire folder of links at the same time and experience no delays or stalls. I never knew Safari could be that fast. My bad.

  • Reply 3 of 12
    tyler82 wrote: »
    Adobe. As in mud. Makes perfect sense now.
    Proper adobe also contains cow poo
  • Reply 4 of 12
    Quote:
    Originally Posted by lkrupp View Post

     

    I took the plunge and uninstalled Flash after the latest critical security failure. I expected to suffer a bit when attempting to play videos but that really has’t happened. Most of the websites I visit regularly simply served up an HTML5 version that played fine. It’s mostly been news sites that tell me I can’t watch anything unless I have Flash. So far I can live without Flash okay.

     

    However, the combination of removing Flash and judicious use of Ghostery has dramatically improved my online browsing experience. Web pages snap open almost instantaneously. I can open an entire folder of links at the same time and experience no delays or stalls. I never knew Safari could be that fast. My bad.




    Have you tried Safari Content Blockers?  I have moved away from old fashioned javascript based blockers like Ghostery/Adblock etc to Content Blockers.  Much faster and more awesomer.  Yes that is a word.

     

    I would recommend Clearly.  Wipr is pretty good, but in my experience not as good as Clearly.

  • Reply 5 of 12
    Originally Posted by lostkiwi View Post

    Have you tried Safari Content Blockers?  I have moved away from old fashioned javascript based blockers like Ghostery/Adblock etc to Content Blockers.

     

    Okay, so how do you distinguish the two (without researching every single one you might want), what’s the difference between them, and why are they both touted as extensions?

     

    Does Clearly take the place of both AdBlock and Ghostery? Where are its configurables? 

     

    EDIT: I’m noticing already that Clearly leaves the website’s formatting space for ads in place while AdBlock wouldn’t. I quite liked the latter.

  • Reply 6 of 12
    Quote:
    Originally Posted by Tallest Skil View Post

     

     

    Okay, so how do you distinguish the two (without researching every single one you might want), what’s the difference between them, and why are they both touted as extensions?

     

    Does Clearly take the place of both AdBlock and Ghostery? Where are its configurables? 




    Hi TS, thanks for the reply.

     

    I distinguished between the two - and the others actually - using purely scientific methods....   :-) actually it was all just anecdotal as I tried each one on a few famously buggy/tracker laden sites like NY Times, Boston.com, CNN etc and did a very informal timing using each CB, along with noting if it missed any ads.

    I found that Clearly loaded the fastest and blocked the most ads.  Wipr was pretty good but there were still a couple of ads that snuck through.  Roadblock let a bit more through and was a bit slower etc. etc.

     

    You install them from the Safari Extension page and they end up on your Safari Preferences/Extensions tab. Here is a tutorial from Apple about them.  Macworld did quite a nice write up about iOS CBs here and imore did a short article on OSX CBs here.  There is not a lot of interest on the web about OSX CBs - iOS got all of the love.

     

    The long and short of it is the ads and trackers are stopped from loading when you visit a new website, rather than being loaded, having a program like Ghostery analyse it and then block it from showing on your page.  Also the developers never get notified which sites you visit unlike the traditional blockers like AB, Ghostery etc.  I'm not saying they were using this data for nefarious purposes, I just don't like the idea of some external company following every page I visit on the net.

     

    Regarding configuration, the CBs on iOS are a lot more configurable than on OSX.  Maybe because they are free on OSX?  I guess a dev could help you with the technical rationale for this.  You just turn them on and they do their thing.

    I have uninstalled Disconnect, Adblock+ and Ghostery as I find I don't need them anymore.  

    One thing to note is that cookies still get loaded to your OSX browser, so it pays to have a good cookie cleaner in place to maintain your privacy.  I have had one for years anyway so this was not an issue for me. 

  • Reply 7 of 12

    Flash is now gone from my computer forever. It's a great feeling. :)

  • Reply 8 of 12
    Quote:

    Originally Posted by lostkiwi View Post

     



    Have you tried Safari Content Blockers?  I have moved away from old fashioned javascript based blockers like Ghostery/Adblock etc to Content Blockers.  Much faster and more awesomer.  Yes that is a word.

     

    I would recommend Clearly.  Wipr is pretty good, but in my experience not as good as Clearly.




    I tried to use Wipr and it seemed pretty good… until I went to YouTube. Videos that start with ads (i.e. most of them) don't play with Wipr enabled. :(

  • Reply 9 of 12
    But how do you config Clearly when you want to allow a site to serve X? No options available.
  • Reply 10 of 12
    pmzpmz Posts: 3,433member

    The average user should not even have Flash installed. You're better off just having a backup browser like Chrome or IE that contains a built-in plugin if the need comes up.

     

    There are actually tons of business and enterprise level applications still running on adobe media server that people use everyday...the average blogger has no concept of this, and thats fine, but Flash is still very important....just not important for serving ads or simple video playback.

  • Reply 11 of 12
    Quote:
    Originally Posted by monstrosity View Post

     

    Flash is now gone from my computer forever. It's a great feeling. :)


    Yep, Flash Free is pretty awesome.

     

    Quote:
    Originally Posted by danielagos View Post

     



    I tried to use Wipr and it seemed pretty good… until I went to YouTube. Videos that start with ads (i.e. most of them) don't play with Wipr enabled. :(


    There is a reddit page about Youtube here.  If you don't have time to read the whole page, the Purify dev (my favourite CB app on iOS) said this of the YouTube issue:

    No aggressiveness intended, but it's actually not anything to do with content not actually being "blocked." The Safari Content Blocker implementation currently has a bug where the appropriate error events aren't being fired when XHR requests are blocked. It's just a bug.

    The folks at Apple tell me they're working on it for a fix coming soon

     

    I'm looking forward to Purify coming to OSX.  

     

    I don't watch a lot of Youtube on my Mac.  I just did a quick squiz on Youtube and I had no problem with Youtube pages anymore.  Maybe Apple have fixed it now?

     

    Quote:
    Originally Posted by MacHiavelli92 View Post



    But how do you config Clearly when you want to allow a site to serve X? No options available.

    Yeah, the configuration options are a bit sparse on OSX CB currently.  I don't know if this will change.  For me, I like the whole 'Fit & Forget' thing, but I appreciate this might not be to everyone's taste.  I personally believe the privacy and speed advantages of CBs outweigh the configurability of traditional Javascript based Adblockers - but everyone will have to make their own decision around that.

     

    One last thing, only use one CB at a time otherwise you will lose any speed advantage. 

  • Reply 12 of 12
    maxitmaxit Posts: 222member

    a couple of weeks ago I bought my new MBP to replace the older MBP from 2011, and I didn't install Flash since then.

    I was using Click2Flash on my previous MacBook, but now I'm really Flash Free.

    So far, no problems

Sign In or Register to comment.