Apple blacklists old Flash Player in Safari after recent attacks

Apple has blocked older versions of Flash Player in its Safari browser after malware writers turned their attention to exploiting flaws in the software.

Days after Adobe released a patch for flaws being exploited in Flash Player , Apple has begun blocking older versions of the software in an effort to encourage users to update their systems.

"To help protect users from a recent vulnerability, Apple has updated the web plug-in-blocking mechanism to disable older versions of the web plug-in: Adobe Flash Player," Apple said in a new support document.

Users running an outdated version of Flash may see "Blocked Plug-in" if they attempt to view Flash content in Safari and a pop-up window prompting them to "Download Flash".

2013-03-04 10.19.40 am
Pop-up warning Mac users with outdated Flash can expect to see. Image credit: Apple.

As with Apple's recent Java plug-in blocks , the block on older Flash Player plug-ins has been applied to the Snow Leopard, Lion and Mountain Lion versions of OS X via an update to its XProtect 'plist'. (If you're worried about the security of your system, you can force OS X to update its malware definitions on a daily basis by following these instructions.)

The block comes after Adobe released an update for Flash last week. The update patched three vulnerabilities, two of which were being used in an attack on Firefox for Windows. As of last week, the latest version of Flash for Macs and Windows is 11.6.602.171.

Browser makers have been tightening control over older Flash plugins, which, like Java, remain a popular target for attacks on the web.

Chrome and IE 10 for Windows 8 automatically update Flash to the latest version, and Mozilla has implemented "Click to Play" in Firefox , which prevents all plugins from launching automatically except the latest version of Flash.

Adobe last year also put Flash for Firefox in a sandbox, introducing to it similar protections in Chrome , which are designed to limit its privileges.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All