Snow Leopard ships with vulnerable Flash Player

Apple's new operating system comes with an outdated version of Flash Player that exposes Mac users to hacker attacks.

The initial release of Mac OS X 10.6 (Snow Leopard) includes Flash Player 10.0.23.1, which is very much out of date. The fully patched version of Flash Player for Mac is version 10.0.32.18.

Even worse, Intego reports that the vulnerable version of Flash is included even if the Mac user was fully patched before upgrading the operating system.

The current version of Flash Player for Mac is 10.0.32.18, but if you go to the Flash Player version test page after installing Snow Leopard, you’ll find that you have version 10.0.23.1, even if you were up-to-date before the upgrade. It seems that Apple is shipping an outdated, even dangerous version of Flash Player.

Adobe has also spotted the hiccup and released a security alert to warn of the problem.

The initial release of Mac OS X 10.6 (Snow Leopard) includes an earlier version of Adobe Flash Player than what is available from Adobe.com. We recommend all users update to the latest, most secure version of Flash Player (10.0.32.18) -- which supports Snow Leopard and is available for download from http://www.adobe.com/go/getflashplayer.

Snow Leopard also includes a rudimentary file quarantine feature to help block known malware attacks against Mac OS X users.

Talkback

86 comments
  • This is unpossible!!! Stop Lying!! Snow Leopard is Teh Secure!

    Of course cue the apologists telling us how this isn't Apple's fault because they didn't write the Flash player...
    Qbt
    • Well, they didn't, BUT they did include it ...

      ... instead of letting the users who need Flash download the latest version.
      M Wagner
      • Who needs flash...

        when 90%+ of the web works just fine without it and flash is mostly used
        for pesky ads which show up as a blank spot if flash isn't there.
        arminw
        • Most people watch YouTube videos

          Most web video these days requires Flash. If you don't want that, then by all means uninstall Flash and your life will be easier. But if you want the video you'll need the Flash (or Gnash or some compatible equivalent).

          Personally I use AdBlock if ads interfere with the web page, but I'll let it slide as long as the ad does not interfere with the overall experience (because I know those ads keep the web page free).
          Michael Kelly
          • You might do better with Flashblock

            If the ad isn't flash, it'll be there.

            With flashblock you can easily configure it to show flash from named sites
            so you don't have to fool around changing things when you want flash. If
            you get an embedded youtube video on a webpage and you have youtube
            cleared it will play.
            j.m.galvin
          • Cool!...(nt)

            .
            JCitizen
  • So far the only posts are from windows fanbois

    telling us what the Apple fanbois are going to say.

    The solution here is simple. Update your flash player after
    you install Snow Leopard.

    Stupid on the part of Apple? Yeah. Apocalypse? No.
    frgough
    • Well, the problem is that..

      for some reason, the update isn't listed in the automatic software update list.

      No pun intended. But going to the website and downloading the update directly are Windows/Linux users' kind of thing, you know. We Mac people don't do that. That's why we paid $1000 extra on it in the first place.
      Dealing
    • No apology given, none necessary.

      This is simply not good enough.

      If adobe flash isn't in "Software Update" it shouldn't be shipped with SL.
      Richard Flude
      • Only Apple's software is updated via Software Update

        it's entirely available in Apple Downloads here:
        http://www.apple.com/downloads/macosx/internet_utilities/adobeflashplayer.html

        That was not so hard now was it? :-)
        Mikael_z
        • Is that an automatic update from apple?

          What the other poster was saying, I think, is that if it's not part of an automated apple update (akin to Windows Update or the update tool included in Ubuntu, which updates virtually anything, including apps that didn't ship with Ubuntu), it shouldn't be included in the OS install.

          It's pretty clear that home users are not proactive when it comes to software updates or security. There's no reason to believe that Apple's non-technical users will go out searching for updates.

          Adobe took care of the problem, but this was a pretty big mistake, if for no other reason than Flash seems like the most common vector of attack against home users.

          Apple needs to step up their game, and I'm sure they will, but it's becoming increasingly clear that they need to focus more on Security.
          notsofast
    • What about all the crap in Windows

      Never seem to mention the flaws in Windows, but when apple releases,
      oh my, the worse thing ever. NOT. Get over it Windows Fan bois. And I use
      windows. LOL.
      djzoey
      • No ... the point is ...

        ... that for years, the Appleista have been quick to jump on any announcement of a "Windows exploit" which are often actually penetrations through 3rd party software (a lot of it Adobe's) and they have shouted with glee about how insecure Windows is ...

        ... But now that OSX has started getting popular, those same Apple fans are facing the kind of trials and tribulations that many Windows users have already learned how to protect themselves from.

        Alas, the overriding mentality of Mac users is that they're impervious to attack because of the (grossly inaccurate) "OSX has no vulnerabilities" meme. Jobs will have a lot of explaining to do in a couple of years when OSX grows just a few more percentage points and starts becoming the target for mass exploitation.
        de-void-21165590650301806002836337787023
    • So far the only posts are from windows fanbois

      Well of course only the Windows people will
      respond. The tone of the article was that the
      world was coming to an end. I don't read many of
      his articles but it seems the person writing this
      is a Windows Guy!.
      kmackdog1
    • speaking of updates

      Kind of like, WHEN I was a PC....every time I loaded a Windows program, I
      am directed to their update page for 20 minutes of downloads to update
      the program.....People in glass houses........
      dlights
    • You're right

      but if this was a windows 7 issue, you can be sure that all the Mac fan boys would post how this shows how crappy windows/MS is.

      It's much like Walt Mossberg's recent review of Leopard. His criticisms were mild and he generally gave them a pass for incompatibilities and he doesn't take them to task for dropping support for machines that may have been purchased as recently as 3 years ago.

      OTOH, incompatibilities with Vista or 7 are signs of how inferior Windows is to OS X and the inability to do an in-place upgrade from XP (an 8 year-old OS) is unforgivable....never mind that he complained that it required XP users to back up their data if they don't have another HD/free partition. Never mind that his assertion was false, he essentially gives his readers the terrible advice that backing up your data before a major upgrade is part of every upgrade.

      I don't care if you're running Unix, Linux, Windows or OS X, you're rolling the dice if you don't back up first.

      Besides, if you dislike 7 or Snow Leopard, you can just reinstall from your back up and you're back in business.
      notsofast
  • Apple products suck at Flash. Everybody knows that.

    I don't know the story behind it but it is like they don't want to support Flash but still reluctantly put it in because a lot of websites use it.

    I believe Apple doesn't like depending on other people's standard. They love making their own.

    And now it has taken its toll on them.
    Dealing
    • Making their own standards....

      Hmmm. So if Apple makes their own standard, it's OK.. But if Microsoft does it, they're evil for not following open standards - even if those "wonderful" open standards are problematic...?

      Gotta love double standards...
      Wolfie2K3
      • Re: Making their own standards....

        Cept last time I checked Flash wasn't an open standard, it's proprietary software.
        Jamik
      • RE: Making their own standards

        Wolfie2K3, did you read Dealing's post correctly? He's ripping Apple for having their own standard, not saying it is OK.
        gschultz