New Apple Safari disables ancient, insecure Flash versions

New Apple Safari disables ancient, insecure Flash versions

Summary: Apple has released Safari 5.1.7. The new version automatically disables out-of-date versions of Adobe Flash Player. Unfortunately, a closer look shows that this really isn't that big of a deal.

SHARE:

Apple has released Safari 5.1.7, fixing four security vulnerabilities. These are the same holes that were patched in iOS 5.1.1 earlier this week.

At the bottom of the About the security content of Safari 5.1.7 page, Apple mentions this tidbit:

Note: In addition, this update disables Adobe Flash Player if it is older than 10.1.102.64 by moving its files to a new directory. This update presents the option to install an updated version of Flash Player from the Adobe website.

In other words, Apple has started disabling ancient Adobe Flash Player versions (10.1.102.64 and older) in the latest release of its browser. I say "ancient" because Flash Player version 10.1.102.64 was released in November 2010.

Apple offers the following explanation:

Out-of-date versions of Adobe Flash Player do not include the latest security updates and will be disabled to help keep your Mac secure. If Safari 5.1.7 detects an out-of-date version of Flash Player on your system, you will see a dialog informing you that Flash Player has been disabled. The dialog provides the option to go directly to Adobe's website, where you can download and install an updated version of Flash Player.

If you need to re-enable an out-of-date version of Flash Player, you can do the following:

  1. Navigate to the /Library/Internet Plug-Ins (Disabled) folder.
  2. Drag "Flash Player.plugin" into /Library/Internet Plug-Ins.
  3. If the browser is running, quit and restart it.

Adobe seems pleased with the new feature:

In the meantime, we welcome today’s initiative by Apple to encourage Mac users to stay up-to-date: With the Apple Safari 5.1.7 update released today, Apple is disabling older versions of Flash Player (specifically Flash Player 10.1.102.64 and earlier) and directing users to the Flash Player Download Center, from where they can install the latest, most secure version of Flash Player.

While this appears to be a good move, it really isn't anything to write home about. The Apple users who have Flash Player version 10.1.102.64 are very unlikely to be the same people who would go and download the latest version of Safari.

It's a start though. Now that Apple has the feature built-in, the company can change the version number to something much newer, like something from last year.

Adobe currently gives Windows users the option to install updates automatically, without user interaction. The company says a Mac version of the Flash Player background updater is currently in beta and will be available very soon, but wouldn't give a specific date to look forward to.

See also:

Topics: Hardware, Apple, Operating Systems, Security

Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

7 comments
Log in or register to join the discussion
  • Apple's Software Update gives you reminders

    Since Apple's Software Update normally pops up every so often when it detects software updates, people are more likely to get the update whereas the Adobe Flash Player has no such auto update and therefore most people will not keep it up to date. Under normal circumstances, Apple's Software Update will continue to nag the user unless s/he hides the update or disables auto checking.

    When given a reminder, a person is more likely to update that software than a software with no reminder.

    The only issue I find is that any Safari update requires a reboot, something that most Mac users, myself included, don't like to do.

    I use Cnet's TechTracker which tells me when a new version of Flash Player is available.

    I think website admins need to code their sites to refuse to play flash content unless the latest Flash Plugin is installed. This would encourage the common youtube user to update Flash.
    ccfman2004
    • I don't know what planet you're from...

      ... but every time I open a website with Flash video or interactive content, I get a pop-up notification if my version is out of date when a new version of Flash is available. OTOH, my Apple Software Update on my computers running Mac OS X pop up weekly when there is an update.
      Champ_Kind
    • What the frack...

      Don't OSX users get the same update pop-up notices that Windows users get when a new version of Flash is available?
      eye4bear
      • Errrr

        I guess not! That's why Safar is blocking Flash players that are 18 months old....
        Gisabun
  • Why so old Player updates?

    Shouldn't Apple be a bit more forceful and block anything [say] older than 6 months? 18 months is too far back.
    Second, I'm assuming thne Mac version has or will get the same auto-update that Windows users get now.
    Gisabun
  • Doesn't work anymore?

    I am really not sure if Flash is so bad in Macs because of Adobe, Apple or both. There is a lot of talk about this going around for years and I do not want to go into that. But to me, some older versions perform better and I would like to be able to use them IF I WANT! Apple and Adobe will say I shouldn't and all, but the CANNOT SAY: YOU CAN'T! That is wrong! Unfortunately the trick described in this post does not seem to work in my system (OSX 10.8.2 ML - Safari 6.0.2). I don't have time to hack this now so I guess I will try the new flash plugin. I hope it does not crash every 10min like the previous "up-to-date" version I tried. But no, I am not happy! I like freedom of choice...
    PS1: I have no (Disabled) plugin folder, just the normal one and Flash Player.plugin is in there.
    PS2: I tried to trick com.apple.Safari.plist, but no success yet (even though there is an entry for blocked plugins there).
    Gustavo Neves
  • TIL "Ancient" = One Month Old

    Apple is now disabling versions of Flash that are less than ONE MONTH old. "Ancient" indeed. Apple is getting out of hand here. We should not be having to keep seeing "Plug in blocked' all the time as we now are with their overly-aggressive Big Brother attitude. Further, the latest version of Flash won't install--it gives multiple errors. So...no Flash for us. Apple and Adobe are teaming up to really mess with end-users. Enough!!!
    ktappe