Apple Updates Mac OS X 10.5 Leopard with Flashback Removal Tool, Flash Player Disabler

[MacRumors]

​

While Apple moved fairly quickly to release software tools for OS X Lion and Snow Leopard to remove the Flashback malware from infected systems and patch the Java vulnerability it exploited, users of earlier operating system versions have remained vulnerable.

Apple addressed that issue today for users of Mac OS X 10.5 Leopard, releasing Leopard Flashback Removal Security Update to clean infected systems and disable the Java plug-in in Safari.

This update removes the most common variants of the Flashback malware. If the Flashback malware is found, a dialog will notify you that malware was removed. In some cases, the update may need to restart your computer in order to completely remove the Flashback malware.

To improve the security of your Mac, this update also disables the Java plug-in in Safari. For instructions on how to re-enable it, please visit: http://support.apple.com/kb/HT5241.

The update weighs in at 1.23 MB and requires Mac OS X 10.5.8.

On a separate note, Apple also released Leopard Security Update 2012-003, which automatically disables out-of-date versions of Adobe Flash Player for security reasons. The update weighs in at 1.11 MB and requires Mac OS X 10.5.8.

This update disables versions of Adobe Flash Player that do not include the latest security updates and provides the option to get the current version from Adobe's website.

Apple included similar functionality for Lion and Snow Leopard systems in Safari 5.1.7 released last week alongside OS X 10.7.4.

Today's software releases for Mac OS X Leopard mark the first significant software updates for the operating system since the debut of OS X Lion in mid-2011.

Article Link: Apple Updates Mac OS X 10.5 Leopard with Flashback Removal Tool, Flash Player Disabler

 

[Penderworth]

Is there a way to disable Flash in Lion or do I have to uninstall it?

 

[AppleMacFinder]

Is there a way to disable Flash in Lion or do I have to uninstall it?

The best choice is to uninstall the Flash, and install Google Chrome - which has a built-in Flash,
separated from Safari and other browsers. And then, when you need Flash, just launch Google Chrome.

 

[pat park]

Is there a way to disable Flash in Lion or do I have to uninstall it?

Click to flash.

 

[Watabou]

The best choice is to uninstall the Flash, and install Google Chrome - which has a built-in Flash,
separated from Safari and other browsers. And then, when you need Flash, just launch Google Chrome.

That is exactly what I do. I use Firefox most of the time and use Chrome whenever I want flash, which surprisingly, isn't that often.

Or you can use flash block, click to flash(safari only) to block flash from running automatically.

 

[Dragonforce]

Nice to see that Apple still not has completely forgotten about users who are still on Leopard / legacy systems with PPC.

 

[Northgrove]

What about all Mac OS X 10.4 Tiger users? Left in the cold?!

 

[JosephAW]

Update not compatible with PPC...

Downloaded both: FlashbackRemovalUpdate.dmg, SecUpd2012-003.dmg

Neither will run on Power PC G5 System running Leopard 10.5.8.

Looks like we're left out again. :\

 

[codo]

Today's software releases for Mac OS X Leopard mark the first significant software updates for the operating system since the debut of OS X Lion in mid-2011.

And probably the last? Can't imagine too many more

 

[simty]

You can't get an up-to-date Flash for a PPC Mac

You can't get an up-to-date version of Flash Player for a PPC Mac and without Flash content access you may as well toss it in the trash. I know PPC systems can hardly render Flash content but still ....

 

[keruah]

Downloaded both: FlashbackRemovalUpdate.dmg, SecUpd2012-003.dmg

Neither will run on Power PC G5 System running Leopard 10.5.8.

Looks like we're left out again. :\

So you can't have Flashback but want to remove it?

 

[nagromme]

As far as I can tell, even on Intel, Leopard/Safari CANNOT install the newest versions of Flash (anything with Stage 3D—Flash Player 11 I think). My Core2Duo iMac with Leopard keeps telling me to update Flash and then the Adobe site says I cannot update.

So if older versions get disabled, does that mean no Flash at all on Leopard?

Or has some new Flash version come out in the last week that IS Leopard-compatible (at least on Intel)?

I rarely use Leopard, but I’m curious.

 

[oiuh151]

Is there a way to disable Flash in Lion or do I have to uninstall it?

Safari > Preferences > Security > Disable Plug-Ins

 

[pubwvj]

Apple should continue to support all older software, Classic, etc because there is a lot of legacy data and wonderful older educational software that has never been ported over to Intel/OSX. Shame on Apple for destroying all that great stuff. It isn't like they lack the resources. Greed is all that holds them back.

 

[commander.data]

What about all Mac OS X 10.4 Tiger users? Left in the cold?!

Downloaded both: FlashbackRemovalUpdate.dmg, SecUpd2012-003.dmg

Neither will run on Power PC G5 System running Leopard 10.5.8.

Looks like we're left out again. :\

Tiger and PPC Leopard never had Java SE 6, which is where the security vulnerability has been reported to be. Does Flashback even work on Java 1.4 and/or Java SE 5? Tiger and PPC Leopard may actually have the advantage of security through obsolescence.

 

[IzzyJG99]

Downloaded both: FlashbackRemovalUpdate.dmg, SecUpd2012-003.dmg

Neither will run on Power PC G5 System running Leopard 10.5.8.

Looks like we're left out again. :\

Yes. I just noticed that on my older iMac and Powerbooks which I still have use of. Weak on Apples part.

 

[drorpheus]

You can't get an up-to-date version of Flash Player for a PPC Mac and without Flash content access you may as well toss it in the trash. I know PPC systems can hardly render Flash content but still ....

yeah no doubt, i just burned my ipad1 because its soo old and if anyone on here wants it they can have my already obsolete ipad2. neither can do flash so obviously lack all major techz.

 

[AriX]

Apple should continue to support all older software, Classic, etc because there is a lot of legacy data and wonderful older educational software that has never been ported over to Intel/OSX. Shame on Apple for destroying all that great stuff. It isn't like they lack the resources. Greed is all that holds them back.

I wouldn't call it greed at all. It's very difficult to maintain technologies like that, and when you try to keep perfect backwards compatibility, you end up with something like Windows, which has had the same fundamental win32 API since the early '90s (and it shows).
That said, I wholeheartedly agree that Apple should try to support these platforms for longer. Classic should have been maintained through Leopard. It would not have been that hard, and it would have been logical for it to be discontinued with Snow Leopard, which dropped PPC support. Rosetta should have been maintained through Lion or beyond; it was only included in current operating systems for 5 years. I think 7 or 8 is not unreasonable.
In the same vein, I think that Apple should still be releasing regular security updates for Leopard, because it is the last PowerPC-compatible OS, and PPC computers were still sold through 2006. I think that PPC should be supported until 2014, not 2011. But oh well. These updates are better than nothing.

 

[-hh]

It is about time (that Apple plugged this vulnerability)

Nice to see that Apple still not has completely forgotten about users who are still on Leopard / legacy systems with PPC.

More importantly, those Intel Mac users still on Leopard. It is about time that Apple provided protection to this group, which makes up ~15% of their installed base.

What about all Mac OS X 10.4 Tiger users? Left in the cold?!

According to the below, you might be okay; just not sure if this applies to PPC Macs and Intel Macs equally, or just PPC Macs - - that's what needs to be verified:

Tiger and PPC Leopard never had Java SE 6, which is where the security vulnerability has been reported to be. Does Flashback even work on Java 1.4 and/or Java SE 5? Tiger and PPC Leopard may actually have the advantage of security through obsolescence.

Downloaded both: FlashbackRemovalUpdate.dmg, SecUpd2012-003.dmg

Neither will run on Power PC G5 System running Leopard 10.5.8.

Looks like we're left out again. :\

The good news is that PPC Macs aren't susceptible at all. The bad news is that this has been very poorly documented by Apple.

By my personal reckoning, I'd say that the only meaningful vulnerability hole left to check on would be to see if Intel Macs running Tiger might be susceptible. As per commander.data's post (above), the thing to check on may be to see if Flashback can exploit versions of Java prior to SE 1.6. If the answer's no, then all systems are plugged.

Once again, it would be very helpful for Apple to publish a table of what configurations are/aren't susceptible...and for the susceptible ones, indicate which ones have now been patched.


-hh

 

[scottsjack]

Kudos to Apple. They've taken the high ground here by supporting their customers. With the cheapskates at Adobe initially refusing to fix their security issues in CS5 products and the sleazebags at Microsoft wanting to play browser wars again with the non-Windows Windows RT it's great to see Apple acting the the great company they are.

 

[kolax]

Disabling out of date Flash is a great idea.

Most users will never update it, but if they can't view YouTube without updating, they'll update it.

 

[vohdoun]

This was a good read. http://tenfourfox.blogspot.co.uk/2012/05/security-blanket-blues.html

 

[Exhale]

Microsoft wanting to play browser wars again with the non-Windows Windows RT it's great to see Apple acting the the great company they are.

You mean the very same restrictions that are in place with iOS? No JIT, no secondary layout engine, no secondary javascript engine.

 

[cerote]

Disabling out of date Flash is a great idea.

Most users will never update it, but if they can't view YouTube without updating, they'll update it.

Some sites like youtube switch to h264 video if flash isn't there.

 

[faroZ06]

I'm surprised. Usually, Apple doesn't support their older OSs. Leopard is almost 3 behind (with Mountain Lion coming out soon). Even iMessage isn't going to work in Lion.

----------

You can't get an up-to-date version of Flash Player for a PPC Mac and without Flash content access you may as well toss it in the trash. I know PPC systems can hardly render Flash content but still ....

Toss my Mac in the trash for not having the latest Flash? More like toss my Flash in the trash for not supporting my Mac.

Does anyone know if YouTube works without Flash on a Mac? I know it works for iOS. If it works on a Mac, I'm tossing Flash.