Apple has released Safari 5.1.7, fixing four security vulnerabilities. These are the same holes that were patched in iOS 5.1.1 earlier this week.
At the bottom of the About the security content of Safari 5.1.7 page, Apple mentions this tidbit:
Note: In addition, this update disables Adobe Flash Player if it is older than 10.1.102.64 by moving its files to a new directory. This update presents the option to install an updated version of Flash Player from the Adobe website.
In other words, Apple has started disabling ancient Adobe Flash Player versions (10.1.102.64 and older) in the latest release of its browser. I say "ancient" because Flash Player version 10.1.102.64 was released in November 2010.
Apple offers the following explanation:
Out-of-date versions of Adobe Flash Player do not include the latest security updates and will be disabled to help keep your Mac secure. If Safari 5.1.7 detects an out-of-date version of Flash Player on your system, you will see a dialog informing you that Flash Player has been disabled. The dialog provides the option to go directly to Adobe's website, where you can download and install an updated version of Flash Player.
If you need to re-enable an out-of-date version of Flash Player, you can do the following:
- Navigate to the /Library/Internet Plug-Ins (Disabled) folder.
- Drag "Flash Player.plugin" into /Library/Internet Plug-Ins.
- If the browser is running, quit and restart it.
Adobe seems pleased with the new feature:
In the meantime, we welcome today’s initiative by Apple to encourage Mac users to stay up-to-date: With the Apple Safari 5.1.7 update released today, Apple is disabling older versions of Flash Player (specifically Flash Player 10.1.102.64 and earlier) and directing users to the Flash Player Download Center, from where they can install the latest, most secure version of Flash Player.
While this appears to be a good move, it really isn't anything to write home about. The Apple users who have Flash Player version 10.1.102.64 are very unlikely to be the same people who would go and download the latest version of Safari.
It's a start though. Now that Apple has the feature built-in, the company can change the version number to something much newer, like something from last year.
Adobe currently gives Windows users the option to install updates automatically, without user interaction. The company says a Mac version of the Flash Player background updater is currently in beta and will be available very soon, but wouldn't give a specific date to look forward to.
- Adobe's latest critical security update pushes scareware
- Why you should care about automatic updates for Flash Player
- Apple releases OS X Lion 10.7.4, fixes FileVault password bug
- What Microsoft can teach Apple about security response
- Microsoft: Macs 'not safe from malware, attacks will increase'
- Cross-platform malware exploits Java to attack PCs and Macs