Printed from http://www.macnn.com

Apple now blocking older Flash Player plug-ins, citing security flaw

updated 12:03 am EDT, Fri July 11, 2014

Latest version for Snow Leopard and higher now required for Flash to work

Following an emergency patch issued by Adobe yesterday for a vulnerability in Flash Player and Adobe AIR, an update the company deemed "critical" for users to install, Apple is now blocking all un-upgraded versions of the plug-in in Safari. The warning dialog takes users to the Flash Installer page, where they can obtain the patched version. Users of OS X 10.6 and higher must be running version 14.0.0.145 in order for the Flash plug-in to work normally. Windows and Linux users are also affected by the flaw.



The issue revolves around a bug in Flash that could allow hackers to read data from browsers after users visit popular websites where Flash writes cookie data. The cookies themselves are not compromised, but the website retains the data in a flawed manner, and hackers could collect it after a user visits, compromising the sites themselves. Among the sites affected were Twitter, Tumblr, eBay, Instagram and many others.

Users who use Google Chrome do not have to manually update the plug-in for that browser, as it is automatically updated. Even if the Flash plug-in is disabled, users should still upgrade to the latest version, as applications that rely on Adobe AIR are also affected by the flaw.

The few remaining pre-Snow Leopard users are advised to check Adobe's Flash page for version 13.0.0.231, which should allow the browser to operate. The more recent v14.x update is available for OS X 10.6 and later, and Windows XP and later. The newest version for Linux is 11.22.202.231, which also contains the emergency patch.

While no known instances of attacks using this vector have been seen "in the wild," Apple and Adobe considered the flaw serious enough to (respectively) block older versions of the plug-in and strongly advise users to upgrade. Adobe has been working with major websites to protect against attacks on the website end, as the flaw could conceivably allow attackers to take control of some sites.

Users with out-of-date Flash plug-ins will be met with a message saying, "Blocked plug-in," "Flash Security Alert" or "Flash out-of-date" when attempting to access Flash content in Safari, notes AppleInsider. The vulnerability was first discovered by Google engineer Michele Spagnuolo, and extends to previous versions of Flash as well (apart from the updated 13.0.0.231 version mentioned earlier).




by MacNN Staff

Comments

  1. just a poster

    Fresh-Faced Recruit

    Joined: 06-30-04

    I'm sick of corporations hijacking my property and forcing me to upgrade their software or third-party software on my computer. It is intrusive, inconvenient, and coercive. I am not a slave or Adobe or Apple's servant. A one-time warning (per restart) and an easy way to update now or "later" is ok, but disabling functionality is unacceptable.

  1. Charles Martin

    MacNN Editor

    Joined: 08-04-01

    The only reason that this is a "forced upgrade" is that the security problem is SO SEVERE that ***your data*** is at high risk of being stolen. If you want to procrastinate about something like that ... well enjoy the consequences I guess. You can just turn off Flash and curse the darkness if you prefer, you know ...

  1. climacs

    Forum Regular

    Joined: 09-06-01

    turning off Flash is a splendid idea and it's not exactly 'cursing the darkness'. It's avoiding a shitshow malware host called Flash.

  1. Spheric Harlot

    Clinically Insane

    Joined: 11-07-99

    Originally Posted by just a poster

    I'm sick of corporations hijacking my property and forcing me to upgrade their software or third-party software on my computer. It is intrusive, inconvenient, and coercive. I am not a slave or Adobe or Apple's servant. A one-time warning (per restart) and an easy way to update now or "later" is ok, but disabling functionality is unacceptable.



    You *are*, however, the slave and servant of whoever decides to exploit the security hole in your outdated version of Flash.

    If you are happier with that situation, then I suggest you lift your skinny fists like antennas to heaven, and start a petition, or something.

  1. Inkling

    Dedicated MacNNer

    Joined: 07-25-06

    Steve Jobs, premier Flash hater, is no longer at the helm and his criticisms don't apply to OS X anyway. It's time for Apple and Adobe to work together and integrate Flash upgrades into the Mac's regular app upgrade process. Having to do it 'on the side' is more trouble than necessary and so much trouble that some of the unskilled don't do it at all.

  1. Grendelmon

    Mac Enthusiast

    Joined: 12-26-07

    Originally Posted by Spheric Harlot

    You *are*, however, the slave and servant of whoever decides to exploit the security hole in your outdated version of Flash.

    If you are happier with that situation, then I suggest you lift your skinny fists like antennas to heaven, and start a petition, or something.



    Just-a-poster absolutely has a legitimate point. But spheric just continues on excusing every asshole thing that Apple does. Nothing new here.

  1. Spheric Harlot

    Clinically Insane

    Joined: 11-07-99

    Blocking outdated, unsecure versions of Flash is an "asshole thing"? Are you for real?

  1. Grendelmon

    Mac Enthusiast

    Joined: 12-26-07

    Originally Posted by Spheric Harlot

    Blocking outdated, unsecure versions of Flash is an "asshole thing"? Are you for real?



    Sigh. Of course it's an asshole thing to do. A notice or dialog asking the user if they want to block it is the correct way to handle this. Apple is indeed hijacking third party software. They have no business doing so.

  1. Jeronimo2000

    Forum Regular

    Joined: 08-20-01

    Flash is dead. And deservedly so. Live with it.
