Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,287
30,349



As noted by Ars Technica, Adobe late yesterday issued a security bulletin announcing that it was releasing updates to Flash Player in order to address a pair of security vulnerabilities targeting Mac and Windows users.
Adobe is also aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.
Users can manually download the new 11.5.502.149 version of Flash Player from Adobe's site, or those who have specified that Adobe may update Flash Player automatically may simply allow it to do so.

In response to the issue, Apple has updated its Xprotect anti-malware system to enforce new minimum version requirements blocking all previous versions of Flash Player. Apple has used the system several times over the past month to block vulnerable versions of Java.

flash_player_blocked_mac.jpg
Apple has also posted a new support document addressing the issue and explaining to users how to update Flash Player when they discover that the plug-in has been blocked.

Article Link: Adobe Releases Flash Player Update to Patch Security Holes as Apple Blocks Earlier Versions
 

autrefois

macrumors 65816
Apple needs to stop blocking software. If they want to display a warning, fine. But for people who rely on their computers to do actual work, it isn't acceptable for them to keep disabling software that many people use and need on a daily basis. Inform people of the vulnerability and give them the option of disabling it.
 

Saladinos

macrumors 68000
Feb 26, 2008
1,845
4
This is why Apple have been fighting for a plugin-free web.

It's certainly cost them sales (not having flash and to a lesser extent Java on iOS devices, for example), but it's worth it. I'm glad they didn't take the easy road.
 

TheNextBigThing

macrumors member
Feb 28, 2012
77
0
Pearl of the Orient
Tried to open the download link.
"Your Google Chrome browser already includes Adobe® Flash® Player built-in. Google Chrome will automatically update when new versions of Flash Player are available." :cool:
 

ProudLoz

macrumors regular
Aug 26, 2012
240
0
Apple needs to stop blocking software. If they want to display a warning, fine. But for people who rely on their computers to do actual work, it isn't acceptable for them to keep disabling software that many people use and need on a daily basis just because there's a vulnerability out there.

This. Although I wasn't working, I did find it annoying that a lot of the websites I visited that needed the adobe plug-in where completely useless because of this block.
 

xionxiox

macrumors regular
Jul 20, 2010
227
0
Hell
This. Although I wasn't working, I did find it annoying that a lot of the websites I visited that needed the adobe plug-in where completely useless because of this block.

This seems to be the only way things have been getting fixed tho...
 

scaredpoet

macrumors 604
Apr 6, 2007
6,627
342
Tried to open the download link.
"Your Google Chrome browser already includes Adobe® Flash® Player built-in. Google Chrome will automatically update when new versions of Flash Player are available." :cool:

Yeah, all versions of Chrome come with an internalized Flash instance separate from the OS. So, for someone like autrefois who wants to run an insecure plugin, they can just use Chrome.

Funny how the devs do this for Flash, but continue to take a stand against a real standard like H.264. :rolleyes:

Apple needs to stop blocking software.

No, people need to stop making users "do actual work" using poor platform choices and insecure software. Flash and Java's times are over. I'm glad Apple is doing this, because it highlights the fact that these plugins need to go.
 

SOLLERBOY

macrumors 6502a
Aug 8, 2008
715
68
UK
Great, go through the process and it's still blocked. It just re installed the same version I had.
 

autrefois

macrumors 65816
This. Although I wasn't working, I did find it annoying that a lot of the websites I visited that needed the adobe plug-in where completely useless because of this block.

Yes, I completely agree it is annoying (and in my opinion unacceptable) in general, whether it's for work or not.

I mentioned work because I happened to be trying to access something for work at the time, and I was anticipating that people would say (and I see it's already started) things like: who needs Flash, haven't used Flash in ages, let's destroy Flash once and for all, etc.

Yes, this time there is a fix available right away (which was not the case with Java recently). And no, I don't like Flash. But sometimes, there isn't another option right now.

Why should we have to guess what software Apple is or isn't going to decide to block every day? It is the consumer's responsibility to make sure their computer is safe. Popping up a warning before running it would be more than sufficient.
 
Last edited:

Northgrove

macrumors 65816
Aug 3, 2010
1,149
437
Flash & Java are usually replaceable with HTML 5 + Javascript. The only time I can think of Java being more convenient is for the more direct hardware access, but this is precisely why it's so dangerous!

I'm pretty sure we could do away with these technologies and still have a web functioning pretty much like today, only with less crashes, less resource requirements, and better mobile platform support.

Flash isn't supported by iOS, Android since 4.1, or Windows Phone 8. It's ridiculous that web designers still use the technology.
 

pmhparis

macrumors member
Feb 8, 2013
43
27
devinez...
I never hear any problems with Microsoft Silverlight. Is it extremely secure or just nobody uses it or cares?

it has it's own problems but the fact that few people have it installed has made it a less visible target. Ask yourself this: Do you really need Silverlight? The answer is extremely rarely yes so why augment the ways you can be remotely hacked.
 

MyNameIsDave

macrumors member
May 28, 2012
37
0
Blighty
Great, go through the process and it's still blocked. It just re installed the same version I had.
You need to restart your browser after the install. It doesn't tell you to do this, but it looks as though the update has failed if you don't when it has in fact worked.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.