Hardware 2.0
Adrian Kingsley-Hughes
Vulnerable Adobe Flash shipped with Snow Leopard
Biography
Adrian Kingsley-Hughes
Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera.
Adrian has authored/co-authored technical books on a variety of topics, ranging from programming to building and maintaining PCs. His most recent books include "Build the Ultimate Custom PC", "Beginning Programming" and "The PC Doctor's Fix It Yourself Guide". He has also written training manuals that have been used by a number of Fortune 500 companies.
Adrian also runs a popular blog under the name The PC Doctor, where he covers a range of computer-related topics -- from security to repairing and upgrading.
If you’ve upgraded your shiny Mac to Apple’s latest Mac OS X 10.6 Snow Leopard, then you might have made your Mac less secure, thanks to Apple shipping an old version of Adobe Flash that contains a serious vulnerability.
This information comes to us via the good folks at Sophos:
Now, imagine (like me) you got your copy of Snow Leopard on Friday, and have now updated your computers.
Unfortunately during the course of that update (and unknown to you) Apple downgraded your installation of Flash to an earlier version (version 10.0.23.1), which is known not to be secure and is not patched against various security vulnerabilities.
The version you should be running is the latest version of Flash Player for Mac - 10.0.32.18.
Mac users are not informed that Snow Leopard has downgraded their version of Flash without permission, and that they are now exposed to a raft of potential attacks and exploits which have been targeted on Adobe’s software in recent months.
That’s a serious oversight on Apple’s part.
Fortunately, it’s easy to fix the problem. Head over to the Flash download page and let that do its magic. You should be all patched up in a minute or so.
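To confirm whether a machine is affected, before and after updating, the following added example (not from the article or from Sophos) reads the installed plug-in's version and compares it field by field with 10.0.32.18. The plug-in path and plist key are assumptions about a standard Mac OS X install, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: is the installed Flash plug-in older than the fixed release?
FIXED_VERSION="10.0.32.18"   # patched version named in the article
# Assumed location and key of the system-wide plug-in on Mac OS X.
PLIST="/Library/Internet Plug-Ins/Flash Player.plugin/Contents/Info.plist"
PLIST_KEY="CFBundleShortVersionString"

# version_lt A B: exit 0 if dotted version A is older than B, else 1.
# Fields are compared as integers, so 10.0.32.2 < 10.0.32.18; a plain string
# comparison would order those two the wrong way round.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}                 # leading field of each
        if [ "$a" = "$fa" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$fb" ]; then b=""; else b=${b#*.}; fi
        fa=${fa:-0}; fb=${fb:-0}                 # missing field counts as 0
        if [ "$fa" -lt "$fb" ]; then return 0; fi
        if [ "$fa" -gt "$fb" ]; then return 1; fi
    done
    return 1                                     # versions are equal
}

# check_flash VERSION: print a verdict; exit 0 = patched, 1 = old, 2 = unparsable.
check_flash() {
    case $1 in
        ''|*[!0-9.]*) echo "UNKNOWN: cannot parse version '$1'"; return 2 ;;
    esac
    if version_lt "$1" "$FIXED_VERSION"; then
        echo "VULNERABLE: Flash $1 is older than $FIXED_VERSION"
        return 1
    fi
    echo "OK: Flash $1"
}

# Read the version from the plug-in bundle, if one is installed.
installed_flash_version() {
    [ -f "$PLIST" ] || return 1
    /usr/libexec/PlistBuddy -c "Print :$PLIST_KEY" "$PLIST" 2>/dev/null
}

if v=$(installed_flash_version); then
    check_flash "$v" || true        # report only; the verdict is on stdout
else
    echo "No Flash plug-in found at $PLIST"
fi
```

For a fleet audit, call `check_flash` directly and act on its exit status rather than parsing the printed verdict.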
And Sophos’ Graham Cluley is spot on with this observation:
This should be done as a matter of priority. Adobe is the “new Microsoft” when it comes to security vulnerabilities, with hackers targeting their software looking for vulnerabilities to exploit. This has led the company to follow Microsoft’s example by releasing regular security updates.
If you upgraded to Snow Leopard, then it’s time to patch up!
Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology.
Disclosure
Adrian Kingsley-Hughes
All opinions expressed on Hardware 2.0 are those of Adrian Kingsley-Hughes. Every effort is made to ensure that the information posted is accurate. If you have any comments, queries or corrections, please contact Adrian via the email link here. Any possible conflicts of interest will be posted below. [Updated: February 23, 2010] - Adrian Kingsley-Hughes has no business relationships, affiliations, investments, or other actual/potential conflicts of interest relating to the content posted so far on this blog.
Talkback: Most Recent of 15 Talkback(s)
-
That's all fine and good
but Apple OSX is based on tried and tested UNIX and is immune to such vulnerabilities. Magic dust is able to discover exploits before they get a chance to spring into action.
Unix was designed with security in mind and every object is securable with extremely high granularity (me-us-everyone). For even higher granularity you can add ACLs on top.
OSX also has sandbox technology but because the rest of the system is so secure by design, Apple has left it off for internet facing programs.
In case that anything should get past all this, OSX Snow Leopard now also scans for a mind-buggingly two malwares!
And in case anything gets past *that*, an age-old feature, RDF*, springs into action and neuters the malware to the point that it cannot be labelled as such anymore.
*RDF = Reality Distortion Field
honeymonster (Edited: 09/03/2009 04:36 AM)
-
ok just upgrade from flash player then
Either a mistake or something intentional for compatibility reason. Probably the first.
someitguy79 09/03/2009 07:24 AM
-
I'm just going to leave it...
... and see what happens.
I've never had a virus or anything. I feel so left out.
zamzmith 09/03/2009 09:17 AM
-
Adrian, you got your numbers wrong.
The Flash version shipped with Snow Leopard is 10.0.32.1,
not 10.0.23.1 as you wrote. Do you do any fact checking at all
before writing a blog? This is an interim version not released by
Adobe and I don't know what vulnerabilities are still in this
version, but that is a question you should have answered in
your article, don't you think?
sigma2 09/03/2009 09:48 AM
-
thanks for the tips
thanks adrian, duly noted. i will now use windows as my main
operating system after this. i guess windows is the secure
way to watch porn on the internet
sfazly 09/03/2009 10:33 AM
-
Who needs Flash....
which is nothing but a resource hog, a buggy resource hog,
that most of the time is used for nothing more than to
display pesky advertisements. At least 90% of the web
works just fine without it. It is truly a flash in the pan.
arminw 09/03/2009 10:54 AM
-
90% of the web? Really?
Try using Flashblock with Firefox 3.5 and see how many broken, incomplete websites you can visit while it's turned on.
I suspect that 90% figure (wherever you got it) is reversed.
Wintel BSOD 09/03/2009 06:29 PM
-
What's the first thing you do
when you install software?
Make sure all the components are A) working and B) up to date.
The only reason you do this is because the manufacturer of said software cannot be trusted to deliver third party components, even if they are needed, reliably.
This applies to any software you install, particularly an OS from a source known to crib components from anywhere they can.
I'm not just laying the boot into Apple though, they're all as bad as each other...
HexHammer67 09/03/2009 11:30 AM
-
Maybe Apple should..
Perhaps in that case, Apple should clear the remaining
supply, upgrade their remaining products and email to those
who have ordered the Snow Leopard about the vulnerability.
Or maybe send complimentary patch files to the same
addresses where they sent those Snow Leopard CDs (for
those who don't check their mails). I bet that wouldn't be a
difficult task - other than the little cost.
Mohammad Mubashar 09/03/2009 11:45 AM
-
Win 7 will ship with a 'nasty chkdsk bug'...
...maybe we should get a refund for that too?
http://www.neowin.net/news/main/09/08/05/windows-7-rtm-contains-a-rather-nasty-chkdsk-bug
The fact is that you have to finalize at some point
bwojcik 09/03/2009 05:19 PM
-
All OSes...
All operating systems are released with such problems. XP, Vista, Windows 7, various Linux distributions...
It isn't really a surprise, when Adobe released the patch after OS X 10.6 was released to manufacturing...
Microsoft don't pull all of the copies of Windows on shop shelves every month on Patch Tuesday, Linux distributions don't change the ISO images on a daily basis to cope with new bug fixes and patches.
That is what the update services are for. Apple has a link on their website to download the latest version.
I guess it was a quiet news day? :-S
wright_is 09/03/2009 11:51 PM
-
RE: Vulnerable Adobe Flash shipped with Snow Leopard
Snow Leopard has a minor (not excusable, but easily fixed) flaw in its installation. The ZDNet Week in Review email subject line reads: Windows 7's killer feature; Snow Leopard fails; Best phones, cameras [ZDNET WEEK IN REVIEW].
Hmm... Windows 7's Killer Feature, and "Snow Leopard FAILS". - Man, someone has some serious issues with Apple. Careful, your bias is showing.
djmccarrel@... 09/04/2009 09:49 AM
-
RE: Vulnerable Adobe Flash shipped with Snow Leopard
When I was reading this article and the associated posts, Avira flashed a warning - twice - that the page I was viewing contained a trojan. While this could well be a false positive, it's worth mentioning, since the possibility exists that a Flash ad on your site was hacked, and that unpatched OS X 10.6 users, drawn by your headline, might be drawn into the trap. Just FYI.
gsteele531@... 09/04/2009 10:46 AM
-
RE: Vulnerable Adobe Flash shipped with Snow Leopard
"Mac users are not informed that Snow Leopard has downgraded their version of Flash without permission"
WRONG!
They accepted the installation of Snow Leopard. The installation can't possibly inform you about every file it upgrades and downgrades.
MrViklund 09/07/2009 01:22 PM
-
Apple has no reason, right, or responsibility
to touch adobe's install.
rtk 09/07/2009 04:08 PM