Safari 5.1.7 update disables out-of-date Flash versions
Apple on Wednesday released an update to its Safari web browser that automatically disables old versions of Adobe's Flash Player as they don't have the most up-do-date security features.
After pushing out OS X Lion 10.7.4 which included Safari version 5.1.6, Apple rolled out a separate update for the browser that can be downloaded by OS X 10.7.3 Snow Leopard, OS X 10.7.4 Lion and Windows users.
According to Apple's Safari 5.1.7 Support Page, the update is meant to disable older versions of Flash that pose a security risk as they lack the latest vulnerability patches.
Safari 5.1.7 will scan a Mac's Flash assets for out-of-date software, disable it if found and inform the user via a dialog box. A link to Adobe's website is integrated into the dialog so that users can easily locate and install the most current Flash Player.
If users need to roll back to a previous version of Flash, they must navigate to the "/Library/Internet Plug-Ins (Disabled)" folder on their Mac, drag "Flash Player.plugin" into the active "/Library/Internet Plug-Ins" folder and restart the browser. A brief tutorial is provided at Apple's Support Pages.
From the release notes:
Most recently, Apple released a Java update to cope with Flashback and even created a dedicated removal tool for those Mac owners who didn't already have Java installed on their computers.
The Safari update comes in at 44.98MB for Lion and 47.72MB for Snow Leopard and can be downloaded via Software Update or Apple's Support Downloads page.
After pushing out OS X Lion 10.7.4 which included Safari version 5.1.6, Apple rolled out a separate update for the browser that can be downloaded by OS X 10.7.3 Snow Leopard, OS X 10.7.4 Lion and Windows users.
According to Apple's Safari 5.1.7 Support Page, the update is meant to disable older versions of Flash that pose a security risk as they lack the latest vulnerability patches.
Safari 5.1.7 will scan a Mac's Flash assets for out-of-date software, disable it if found and inform the user via a dialog box. A link to Adobe's website is integrated into the dialog so that users can easily locate and install the most current Flash Player.
If users need to roll back to a previous version of Flash, they must navigate to the "/Library/Internet Plug-Ins (Disabled)" folder on their Mac, drag "Flash Player.plugin" into the active "/Library/Internet Plug-Ins" folder and restart the browser. A brief tutorial is provided at Apple's Support Pages.
From the release notes:
Apple has become increasingly leery about third-party applications, perhaps due to the recent Flashback malware debacle that affected more than 600,000 Macs worldwide. One of the trojan's first iterations was discovered in 2011 when it disguised itself as a Flash Installer, though the exploit had nothing to do with Adobe's software.Lion
Safari 5.1.7 contains improvements to performance, stability, compatibility, and security, including changes that:
Improve the browser's responsiveness when the system is low on memory
Fix an issue that could prevent webpages from responding after using a pinch to zoom gesture
Fix an issue that could affect websites using forms to authenticate users
Disable versions of Adobe Flash Player that do not include the latest security updates and provide the option to get the current version from Adobe's website.
Windows
Safari 5.1.7 contains improvements to performance, stability, compatibility, and security, including changes that:
Improve the browser's responsiveness when the system is low on memory
Fix an issue that could affect websites using forms to authenticate users
Most recently, Apple released a Java update to cope with Flashback and even created a dedicated removal tool for those Mac owners who didn't already have Java installed on their computers.
The Safari update comes in at 44.98MB for Lion and 47.72MB for Snow Leopard and can be downloaded via Software Update or Apple's Support Downloads page.
Comments
Why not just have it come with Click2Flash installed and prevent Flash from installing in Safari at all?
In before cries of "Monopoly!" I'd like to see them explain that one.
Quote:
Originally Posted by Tallest Skil
Why not just have it come with Click2Flash installed and prevent Flash from installing in Safari at all?
In before cries of "Monopoly!" I'd like to see them explain that one.
Certainly it is only useful to have Click2Flash installed if you already have Flash? It is my understanding that with Click2Flash, it will look to the server of the website as the browser has Flash installed and won't show alternative media intended for users without Flash.
Quote:
Originally Posted by Zandros
Certainly it is only useful to have Click2Flash installed if you already have Flash? It is my understanding that with Click2Flash, it will look to the server of the website as the browser has Flash installed and won't show alternative media intended for users without Flash.
Nope, Click2Flash provides direct MP4 alternatives to video (in a QuickTime shell) as opposed to site-specific HTML (if there is one), so it's good for that.
Quote:
Originally Posted by Tallest Skil
Nope, Click2Flash provides direct MP4 alternatives to video (in a QuickTime shell) as opposed to site-specific HTML (if there is one), so it's good for that.
Ah, that is true of course. Personally I feel the whole clicking step is somewhat annoying but since current implementations and "best" practices seem to favour auto-loading and auto-playing of video it can be useful sometimes.
There's a similar update version for Windows as well, just downloaded and installed on my Sony laptop, also version 5.1.7.
Cue the haters, time for you to pipe in about Apple controlling everything.
I see it more as the lawless (web) frontier is getting a Justice of the Peace to keep the bad guys in check.
Wouldn't you love to see a movie with Steve Jobs as a digital age detective Callahan squeezing the Flashback programmers necks and saying, "Go ahead, make my day!"
Most variations on the idea allow you to white list sites so you don't need to click, which is good for repeat visits to a trusted site.
They are treading in really dangerous territory here to disable software for people automatically. Let's hope there aren't any hitches that prevent a user from getting Flash installed and back running.
Flash IS dangerous territory. Not a problem of Apple’s causing, but they’re stuck with the reality of dealing with it.
As for ClickToFlash and what servers see... I think they DO see Flash as installed and thus will not present non-Flash alternate content. I have run into that issue myself when designing sites to have non-Flash/JavaScript/CSS3 animation an an alternative to the Flash content most people see. ClickToFlash messes with my Flash (and especially Flash version!) detection pretty badly. I’ve had to code special error messages just for CLickToFlash users, telling them how to bypass ClickToFlash, or my content that uses the newest Flash plugin won’t play at all, and nor will the alternate version. Depends on the specifics of the situation. It definitely interferes with some current best-practice methods of Flash detection. And with Stage3D, Flash version detection just became much more critical too. A script can detect your Flash version because you haven’t “clicked to Flash”... so it may just display a static image (or whatever) and not even give you the option of Flash at all.
Yes, ClickToFlash will display alternate-format video for some popular video services, but that’s a specific (and often nice) workaround built into ClickToFlash. It doesn’t work for ALL non-Flash alternate content, especially non-video content.
I’d HATE to see ClickToFlash built into Safari! It’s a neat “trick” and I use it, but it’s sending misleading info to web servers, and there are times when developers have no elegant way to deal with that for their users.
Quote:
Originally Posted by nagromme
ClickToFlash messes with my Flash (and especially Flash version!) detection pretty badly. I’ve had to code special error messages just for CLickToFlash users, telling them how to bypass ClickToFlash, or my content that uses the newest Flash plugin won’t play at all, and nor will the alternate version. Depends on the specifics of the situation. It definitely interferes with some current best-practice methods of Flash detection.
You can try to load a Flash movie and check the Percent Loaded > 0 if not, it is blocked so you redirect with a url parameter that loads your alternate content.
I guess that is fine for the 5 People that still use Safari
Quote:
Originally Posted by agramonte
I guess that is fine for the 5 People that still use Safari
You're hilarious.
See what I did there? I made an equally false statement.
I have removed Flash from my Mac months ago and I am not looking back. Removing Flash and using AdBlock makes my internet experience much more enjoyable.
Quote:
Improve the browser's responsiveness when the system is low on memory
How about improving the memory leaks that cause the system to become low in memory?
Quote:
Originally Posted by SolipsismX
20 posts and no one has mentioned how Apple has no right to keep me from using older versions of Flash that are a security issue.
Zither Zather stole your account, homie.
I see Safari using 350MB on my computer. Is that really such a big deal? I guess my Firefox instance is really asking for it at 550MB. Granted, my Chrome instance is 150MB, but when it comes down to it, I'm not worried about the extra dime's worth of memory.
edit: I noticed that Chrome has a main window, plus a bunch of separate app-threads for rendering each tab (I think), putting Chrome somewhere between Safari and Firefox.
Quote:
Originally Posted by JeffDM
I see Safari using 350MB on my computer. Is that really such a big deal? I guess my Firefox instance is really asking for it at 550MB. Granted, my Chrome instance is 150MB, but when it comes down to it, I'm not worried about the extra dime's worth of memory.
edit: I noticed that Chrome has a main window, plus a bunch of separate app-threads for rendering each tab (I think), putting Chrome somewhere between Safari and Firefox.
Hmm, Safari itself on my system is using 202MB. But it's Safari Web Content that is over 1GB.
And that happens no matter what I do, after some period of time. I've never been able to figure out what's causing it. By tomorrow or the next day, it will be much, much larger.