http://www.macrumors.com/images/macrumorsthreadlogo.gif (http://www.macrumors.com/2009/09/03/snow-leopard-installation-downgrades-flash-player-to-vulnerable-version/)

Antivirus firm Sophos reports (http://www.sophos.com/blogs/gc/g/2009/09/02/apple-ships-vulnerable-version-flash-snow-leopard/) that Mac OS X Snow Leopard ships with an outdated version of Flash Player that contains several security vulnerabilities patched in the most recent version of Flash Player that was released by Adobe on July 30th. Importantly, an upgrade installation of Snow Leopard over an existing Leopard installation containing an up-to-date Flash Player downgrades Flash to the earlier version with no warning to the user that it has done so.Unfortunately during the course of that update (and unknown to you) Apple downgraded your installation of Flash to an earlier version (version 10.0.23.1), which is known not to be secure and is not patched against various security vulnerabilities.

The version you should be running is the latest version of Flash Player for Mac - 10.0.32.18.

Mac users are not informed that Snow Leopard has downgraded their version of Flash without permission, and that they are now exposed to a raft of potential attacks and exploits which have been targeted on Adobe's software in recent months.The report urges users to double check (http://www.adobe.com/software/flash/about/) their Flash Player version and upgrade to version 10.0.32.18 if necessary in order to be sure that they have up-to-date protection against security threats.

Article Link: Snow Leopard Installation Downgrades Flash Player to Vulnerable Version (http://www.macrumors.com/2009/09/03/snow-leopard-installation-downgrades-flash-player-to-vulnerable-version/)

In my view this is a minor issue as it's really up to the end user to ensure that they have the latest patched versions of third-party software.

How is snow Leopard? Is it worth the upgrade?

big deal! I just updated to the latest version, didn't take more than 15 seconds.
It's not apples responsibility to make sure everyone is running with the latest version of this and that software, people should learn to update their crap themselves.

I didn't realize that my flash player does not update itself. Kind of a hassle to remember to do that periodically

How is snow Leopard? Is it worth the upgrade?

Absolutely not. I purchased it along with a brand new Mac Pro. I was using Leopard for about a week until Snow came in. Nothing but beauty from Leopard, with Snow- nothing but problems.
-cannot access PowerPoint
-shuts down randomly and restarts
-cannot link with Network server adequately
-Illustrator does this weird graphics thing if I nudge an item

Individually nothing serious, but overall, sucks ass. DO NOT BUY SNOW LEOPARD.
At least til they figure out their issues.

big deal! I just updated to the latest version, didn't take more than 15 seconds.
It's not apples responsibility to make sure everyone is running with the latest version of this and that software, people should learn to update their crap themselves.

But it was Apple's job to DOWNGRADE your Flash player?

It's not like Apple is some stupid company that didn't know how to check if your Mac is running certain versions of Flash or any other software. Apple obviously did this for a reason.

How is snow Leopard? Is it worth the upgrade?
Yes, my MacBook Pro is significantly faster on everything (I timed stuff with Leopard too).
-Apps launch close to instantly (they allows took 4-6 bounces in Leopard).
-Faster Startup/Shutdown/Sleep/Wake
-Better response in apps

Snow Leopard was well worth $29; it's what Leopard should have been. Also, if you have Exchange- you NEED this.

big deal! I just updated to the latest version, didn't take more than 15 seconds.
It's not apples responsibility to make sure everyone is running with the latest version of this and that software, people should learn to update their crap themselves.

And what about the people who have already upgraded but have now been silently downgraded???

This is an Apple Mistake, not end users.

Absolutely not. I purchased it along with a brand new Mac Pro. I was using Leopard for about a week until Snow came in. Nothing but beauty from Leopard, with Snow- nothing but problems.
-cannot access PowerPoint
-shuts down randomly and restarts
-cannot link with Network server adequately
-Illustrator does this weird graphics thing if I nudge an item

Individually nothing serious, but overall, sucks ass. DO NOT BUY SNOW LEOPARD.
At least til they figure out their issues.

And of course, you've done exhaustive testing to discover that Snow Leopard is the cause of these problems.

Get real, kid. :rolleyes:

Flash is a nightmare, regardless of what version, on OSX. Installing ClickToFlash (http://rentzsch.github.com/clicktoflash/) has probably been a better upgrade for me so far than SnowLeopard!* No more do I see Safari with about 20 tabs open hogging a ridiculous amount of CPU cycles, as all the awful Flash elements in sites I don't want anyway are now blocked. I've also set it to use h.264 for Youtube, but the beta (which is the only version that works on SL) seems to autoload videos now. I'm sure that didn't happen on the stable/10.5

Adobe need to take a leaf out of Apple's book and make CS5 a '0 new features' release at a minimum cost, and give OSX users a decent release of their software. Everything about CS4, even the installer, feels like a PC port. Apple users have been huge supporters of Adobe through the years and deserve some better treatment. Flash is only the (awful) tip of a (huge) iceberg. It's beyond me that some iPhone owners actually want this awful thing on their handsets...

* Not to put down SL in any terms, I thought it was a good update before I read the ARS Tech 23 page review, now I *know* it is! :)

And of course, you've done exhaustive testing to discover that Snow Leopard is the cause of these problems.

Get real, kid. :rolleyes:

So, Whats your take on Buying Snow Leopard?

Funnily enough, after installing Snow Leopard I found flash movie playback to be terrible with lots of stuttering. I replaced the flash plug-ins from Leopard from my Time Machine backup.

So does that mean I've actually installed a newer version of the plug-ins supplied by Snow Leopard, but going back to my Leopard plug-ins?

Weird.

In my view this is a minor issue as it's really up to the end user to ensure that they have the latest patched versions of third-party software.

Even this is forgiven when it's Apple, but had it been MS people would have gone mad. Do you not understand what this means? This means that 3rd party software is PURPOSEFULLY downgraded by the installer, without checking the version number first. Smells like an Apple hates Macromedia thing to me, as I am fairly certain the installer checks the version number of every other piece of software before downgrading it.

I think Apple wanted these news. You people will just turn them to "Flash being unsafe, thank you Apple". It's a conspiracy!

Yes, Flash is a mess and embarrassing. A true disgrace, the mother-in-law to the CPU. But you can just upgrade.

big deal! I just updated to the latest version, didn't take more than 15 seconds.
It's not apples responsibility to make sure everyone is running with the latest version of this and that software, people should learn to update their crap themselves.


Unbelievable. A total Cupertino brainwash. Impressive.

it probably upgraded mine, i don't think i've upgraded it in a year. But I agree it should have been checked before downgrading or just left alone all together.

Downloading the latest version now then. Wonder if I had the latest version on Leopard...

Flash is a nightmare, regardless of what version, on OSX. Installing ClickToFlash (http://rentzsch.github.com/clicktoflash/) has probably been a better upgrade for me so far than SnowLeopard!* No more do I see Safari with about 20 tabs open hogging a ridiculous amount of CPU cycles, as all the awful Flash elements in sites I don't want anyway are now blocked. I've also set it to use h.264 for Youtube, but the beta (which is the only version that works on SL) seems to autoload videos now. I'm sure that didn't happen on the stable/10.5

Adobe need to take a leaf out of Apple's book and make CS5 a '0 new features' release at a minimum cost, and give OSX users a decent release of their software. Everything about CS4, even the installer, feels like a PC port. Apple users have been huge supporters of Adobe through the years and deserve some better treatment. Flash is only the (awful) tip of a (huge) iceberg. It's beyond me that some iPhone owners actually want this awful thing on their handsets...

* Not to put down SL in any terms, I thought it was a good update before I read the ARS Tech 23 page review, now I *know* it is! :)

You have really bought Apple's side of the coin, haven't you? Flash is a fantastic product that has delivered so much for the Internet as we know it today.

However, there is a dispute between Apple and Macromedia, so that is the reason for Flash hogging a bit too much resources on the Mac. Flash in itself is a good product but you have really bought into Apple's campaign of making Macromedia and Flash look bad.

I'm more impressed that Apple included the Flash plugin at all, knowing the crap that Adobe keeps putting out.

Whether or not it was Apple's responsibility to make sure third-party support like Flash was correct, it's an easy fix, and obviously there's an intelligent enough community of users who spotted the error and let everyone know. Small potatoes in my opinion.

Could they have downgraded due to the cpu munchin problems that flash has?
Some MB owners complain of extreme cpu temps when watching megavideo for instance

To MacRumors for the links to find out which version of Flash Player I was running. I am now back to the current version.

I didn't realize that my flash player does not update itself. Kind of a hassle to remember to do that periodically

Same here. Can somebody enlighten me how I can find out what flash-version is installed on my Mac?

I upgraded a few days ago, as I found a flash website that didn't work under SL that did under leopard directly before the upgrade.
It was chance that I found this, flash is more stable with the newer version. THis is a really really bad move by apple. I hope they issue some sort of security update or /something/ to address this, despite it being 3rd party, because it's their fault and they need to correct it. I keep my software up to date regulary, but would have missed this if not by chance/this article

You have really bought Apple's side of the coin, haven't you? Flash is a fantastic product that has delivered so much for the Internet as we know it today.

However, there is a dispute between Apple and Macromedia, so that is the reason for Flash hogging a bit too much resources on the Mac. Flash in itself is a good product but you have really bought into Apple's campaign of making Macromedia and Flash look bad.
Ummmm, no. Flash is a horrible resource hog on all platforms, but it's exacerbated even further in OS X.

How is snow Leopard? Is it worth the upgrade?

It's OK.... when things work with it. The OS works well for me, but stuff like CS3 and VLC and DVD Player bomb arbitrarily and frequently.

The price is right, but you should all wait for an update into .1 or .2 before getting it. There is nothing you can't live without on SL.

Knowing Mac, they'll be inundated with all the error messages by now and are beavering away at the big fixes so they can have a version to work nicely with the hardware coming onto market within the next 2 weeks.

No matter when they release an OS, they have a LOT of problems to fix. Apple, nor any company, have the breadth of use in their departments to find all the problems normal people will through their widely varied usage. Bitching about the flakey OS first release is useless: it's going to happen every time. Just stand back for a month and let Apple sort it all out before you purchase or install.

Same here. Can somebody enlighten me how I can find out what flash-version is installed on my Mac?

Go to adobe's website, it will tell you there on the flash player install page.

Same here. Can somebody enlighten me how I can find out what flash-version is installed on my Mac?

Go here: http://kb2.adobe.com/cps/155/tn_15507.html

Apparently Im still running 10.0.22.87, time to upgrade I guess.

Ugh. Apple. Not cool. Will have to check my version when I get home.

So what. Just upgrade it.

Moving right along. . .

I'm not sure how responsible this article is....is there a possible reason why apple didn't include this latest update? Remember, Safari is not an extension of Flash...Flash is an extension/plugin of Safari.

I just followed the instructions on this article and upgraded but now I can print from Safari???? I can still print from Firefox but now Safari is acting up. Now when I print and nothing happens and try to quit...check out the image I'm attaching....it allows me to quit but the altert does not display right. This is very frustrating because I know just yesterday I had printed 4 pages in Safari and now suddenly it doesn't work seconds after upgrading my flash.

I'm going to try to restart my computer.

Is there a possible connection???:

Even this is forgiven when it's Apple, but had it been MS people would have gone mad. Do you not understand what this means? This means that 3rd party software is PURPOSEFULLY downgraded by the installer, without checking the version number first. Smells like an Apple hates Macromedia thing to me, as I am fairly certain the installer checks the version number of every other piece of software before downgrading it.

I think Apple wanted these news. You people will just turn them to "Flash being unsafe, thank you Apple". It's a conspiracy!

You people don't get it.

We're not talking about a system update deciding to downgrade some third-party software. That would, indeed, suck.

We're talking about an OS REINSTALL. News flash, when you reinstall your OS, software that is bundled with the OS (like, say, browser plugins) overwrites the other version. If you've upgraded CUPS to the latest HEAD version on your system, installing a NEW OS is going to overwrite it.

What part of "Operating System installation" do people not understand? If you want to be sure that you're really, truly, only touching the OS and not the usual, tangentially-attached software, it's YOUR responsibility to do so by not blindly choosing the default install.

This is so moronic, even for the internet, that I'm sort of flabbergasted.

Absolutely not. I purchased it along with a brand new Mac Pro. I was using Leopard for about a week until Snow came in. Nothing but beauty from Leopard, with Snow- nothing but problems.
-cannot access PowerPoint
-shuts down randomly and restarts
-cannot link with Network server adequately
-Illustrator does this weird graphics thing if I nudge an item

Individually nothing serious, but overall, sucks ass. DO NOT BUY SNOW LEOPARD.
At least til they figure out their issues.

As another poster has already pointed out, have you actually looked up any of the problems you were experiencing before indulging in your rant? Even without doing any research I can probably guess that you have an old version of Powerpoint and that it needs Rosetta to run it.

Yes, sometimes a new OS causes problems, but why is it that just because YOU have problems (some of which are your own responsibility) you feel the need to tell everyone else that SN will "suck ass" on everybody else's machine?

Personally, I've had no problems whatsoever with SL, and although the external changes are very slight, have generally found it to be faster and tighter than Leopard, so for me worth the upgrade.

I don't see any malicious intent by Apple. The Snow Leopard RTM build is using the version of Flash that was available when the OS was being built (before the beta's began, and before the vulnerability was found). It's not easy to upgrade a component that late in testing. I agree that they made a big mistake here and by including Flash in the default install, they need to own the solution.
Frankly, I don't feel that Apple had any business even including Flash. They should have just prompted the user to install once they visited a page requiring Flash.

Apple did drop the ball on this one, it's all right for us who keep up to date with tech news but it is unlikely that the majority of users will ever know they are running an outdated version and will not update.

Go to adobe's website, it will tell you there on the flash player install page.

Thanks!

I tells me I have version 10,0,22,87 installed.

I was never even aware that I need to install this stuff from Adobe. :eek:
Run Leopard with all Security Updates applied, and I find it kind of lame that Apple does not update the stuff it ships on their computers.

Flash is so crash happy on my SL system. During the development process, 10A421a is when the Safari hangs and Flash crashes started happening. I don't know what changed in that build, but it hasn't improved much in 10A432.

Thanks!

I tells me I have version 10,0,22,87 installed.

I was never even aware that I need to install this stuff from Adobe. :eek:
Run Leopard with all Security Updates applied, and I find it kind of lame that Apple does not update the stuff it ships on their computers.

Let me ask you this: How could they possibly automatically update software that doesn't even seem to have a mechanism for updating itself?

Even this is forgiven when it's Apple, but had it been MS people would have gone mad. Do you not understand what this means? This means that 3rd party software is PURPOSEFULLY downgraded by the installer, without checking the version number first. Smells like an Apple hates Macromedia thing to me, as I am fairly certain the installer checks the version number of every other piece of software before downgrading it.

I think Apple wanted these news. You people will just turn them to "Flash being unsafe, thank you Apple". It's a conspiracy!

Welcome to the "Java world in OS X", Flash player users! :o (schaudenfreude)
It is probably not done on purpose, and that's probably the revision SL was thoroughly tested with, anyway. Or maybe, Adobe is to blame? They are kind of slow ... (puts on flaming suit).

Hrm, good thing I haven't updated to Snow Leopard yet (will probably do it tomorrow though). I don't like Flash much but it is very popular for streaming media etc. so I really do need it to be safe.

I'm surprised at such a slip-up though, the patched version was released in a security update wasn't it? And it's been out for a while now.

You people don't get it.

We're not talking about a system update deciding to downgrade some third-party software. That would, indeed, suck.

We're talking about an OS REINSTALL. News flash, when you reinstall your OS, software that is bundled with the OS (like, say, browser plugins) overwrites the other version. If you've upgraded CUPS to the latest HEAD version on your system, installing a NEW OS is going to overwrite it.

What part of "Operating System installation" do people not understand? If you want to be sure that you're really, truly, only touching the OS and not the usual, tangentially-attached software, it's YOUR responsibility to do so by not blindly choosing the default install.

This is so moronic, even for the internet, that I'm sort of flabbergasted.

What is so hard to understand?
They ship it as part of their OS. So it stops beeing a third-party, user-responsible tool.

They should update it with the rest of the OS update procedure. End of sentence!

Ummmm, no. Flash is a horrible resource hog on all platforms, but it's exacerbated even further in OS X.

Funny how I only hear Mac users complaining about Flash. It's a very Mac-ish, chic and elite thing to complain about Flash I suppose. And don't flatter yourself by saying that you are more technically inclined than Windows and Linux users, it'd just be sad.

Oh no! I'm soooooooooo scared!

Whatever.

Let me ask you this: How could they possibly automatically update software that doesn't even seem to have a mechanism for updating itself?

Hello? Anybody home?
How does Apple normally update software installed on Mac's?
I never installed Flash myself. It came pre-installed as part of the OS by Apple.

I guess it is similar to the Java issue. They choose to run their own builds that are a number of versions behind everybody else.

No wonder that Apple computers are the firsts that get cracked at those 'Hacker-contests'...

What is so hard to understand?
They ship it as part of their OS. So it stops beeing a third-party, user-responsible tool.

They should update it with the rest of the OS update procedure. End of sentence!

You may have missed, earlier in the thread, the point that Flash *never updates unless the user does it*. That has nothing to do with Apple, it's the fault of the owner of the software--Adobe. If Apple were to update it automatically, they'd have to come up with some sort of hack that:

1. Would not work reliably;
2. Might very well violate Adobe's ownership rights, or their distribution contract.

It's unfortunate that the first copies of SL were printed before getting in this update, but it would be a total non-issue if Adobe weren't total idiots and had Flash be responsible for its own security updates, as *every competent piece of internet software in the universe* is.

Maybe apple had a reason not to include the latest version?????

Is anyone else who upgraded Flash dealing with this?????

Now safari semi-crashes when I go to print....seconds after installing the current Flash update????

Is the "latest" Flash version from Adobe Snow Leopard compatible? I remember when upgrading to Leopard you had to use the bundled version for some time until Adobe released a new one.

I noticed this on day one. (http://forums.macrumors.com/showthread.php?t=774601)

<pats self on back> ;)

You may have missed, earlier in the thread, the point that Flash *never updates unless the user does it*. That has nothing to do with Apple, it's the fault of the owner of the software--Adobe. If Apple were to update it automatically, they'd have to come up with some sort of hack that:

1. Would not work reliably;
2. Might very well violate Adobe's ownership rights, or their distribution contract.

It's unfortunate that the first copies of SL were printed before getting in this update, but it would be a total non-issue if Adobe weren't total idiots and had Flash be responsible for its own security updates, as *every competent piece of internet software in the universe* is.

And you missed what I said:

I never installed Adobe Flash Player myself!
Apple did this for me as part of the OS install.
They also installed Java and a lot of tools from BSD, GNU and other sources.

Am I now responsible to individually update all these tools?
I say NO!

I updated the Flash player plug-in about 10 minutes ago and just tried printing this Safari page. It worked fine for me. Using SL with a Canon Pixma iP4300 printer.

Hello? Anybody home?
How does Apple normally update software installed on Mac's?
I never installed Flash myself. It came pre-installed as part of the OS by Apple.

I guess it is similar to the Java issue. They choose to run their own builds that are a number of versions behind everybody else.

No wonder that Apple computers are the firsts that get cracked at those 'Hacker-contests'...

You have no idea what you're talking about. The Java and Flash situations are totally different, with different ownership, licensing, and technical issues, and having nothing to do with each other. I'm not going to get into the issues with Java on the Mac, because it's irrelevant.

Apple normally updates only their own software on Macs. They do not have the ability, or in many cases legal rights, to reliably update third-party software. Any software that is internet-aware and thus may have wider security issues absolutely MUST have it's own updating facility in this day and age. The fact that Flash doesn't should be the real scandal here.

I'd also like to point out that the vulnerability addressed in that upgrade may be a moot point anyway. It has to do with flash content embedded in PDFs--the default PDF reader in OS X, Preview, ignores this bogus content (because it's brand-new, and nobody has ever used it except for transmitting viruses). If you're using something else, like, say, a full version of Acrobat, then you either have the necessary updates in there already courtesy of Adobe, or you have nobody to blame but yourself.

In my view this is a minor issue as it's really up to the end user to ensure that they have the latest patched versions of third-party software.Too funny when in the other world (Windows), this would be a common issue from home to Enterprise :P

Funny how I only hear Mac users complaining about Flash. It's a very Mac-ish, chic and elite thing to complain about Flash I suppose. And don't flatter yourself by saying that you are more technically inclined than Windows and Linux users, it'd just be sad.

Have you ever used Flash on a Mac?

Didn't think so.

Mac users aren't saying Flash, as it is on Windows, isn't good enough for them. Flash on OS X is an entirely separate beast, which Adobe doesn't bother to optimize because of a long-running feud. Its performance on Windows is orders of magnitude better than it is on OS X. Sadly, and for no good reason.

However, there is a dispute between Apple and Macromedia, so that is the reason for Flash hogging a bit too much resources on the Mac. Flash in itself is a good product but you have really bought into Apple's campaign of making Macromedia and Flash look bad.


Lol - who are macromedia? Adobe bought the company out more than a short while ago - this is an adobe product. And as far as "there is a dispute between Apple and Macromedia, so that is the reason for Flash hogging a bit too much resources on the Mac." What a lot of utter rubbish. Adobe and Apple don't get on, so Adobe go out of their way to make a browser plug-in run like a piece of rubbish?

Have you ever used Flash on a Mac?

Didn't think so.

Mac users aren't say Flash, as it is on Windows, isn't good enough for them. Flash on OS X is an entirely separate beast, which Adobe doesn't bother to optimize because of a long-running feud. Its performance on Windows is orders of magnitude than it is on OS X. Sadly, and for no good reason.

If that was the case then shouldn't Apple just not include flash as apart of the OS install?

Lol - who are macromedia? Adobe bought the company out more than a short while ago - this is an adobe product. And as far as "there is a dispute between Apple and Macromedia, so that is the reason for Flash hogging a bit too much resources on the Mac." What a lot of utter rubbish. Adobe and Apple don't get on, so Adobe go out of their way to make a browser plug-in run like a piece of rubbish?

They don't go out of their way, they just don't optimize.

If that was the case then shouldn't Apple just not include flash as apart of the OS install?

They're trying to be pragmatic. If it weren't there, then everything on the internet and Microsoft's TV commercials would be:

"Macs can't even play YouTube out of the box! hahaha OMG FAILZER!"

So, you gotta do what you can. The real world is a pain in the ass sometimes.

I updated the Flash player plug-in about 10 minutes ago and just tried printing this Safari page. It worked fine for me. Using SL with a Canon Pixma iP4300 printer.


Really? I have two printers (epson and an HP). I did have to reinstall drivers when I upgraded to snow leopard but after that, it printed perfectly. I know this because i printed my tickets yesterday.

This morning, I read this article, upgrade Flash because it seemed harmless. Now, Safari is acting weird and I still can't print. I select print and nothing happens (no print dialogue box)...and, I can no longer control the contents on the webpage (scroll...click...etc). I have to quit and it lets me. I'm using a macbook pro 15" intel core 2 duo.

You have no idea what you're talking about. The Java and Flash situations are totally different, with different ownership, licensing, and technical issues, and having nothing to do with each other. I'm not going to get into the issues with Java on the Mac, because it's irrelevant.

Apple normally updates only their own software on Macs. They do not have the ability, or in many cases legal rights, to reliably update third-party software. Any software that is internet-aware and thus may have wider security issues absolutely MUST have it's own updating facility in this day and age. The fact that Flash doesn't should be the real scandal here.

I'd also like to point out that the vulnerability addressed in that upgrade may be a moot point anyway. It has to do with flash content embedded in PDFs--the default PDF reader in OS X, Preview, ignores this bogus content (because it's brand-new, and nobody has ever used it except for transmitting viruses). If you're using something else, like, say, a full version of Acrobat, then you either have the necessary updates in there already courtesy of Adobe, or you have nobody to blame but yourself.

So can you please enlighten me why Apple is able to issue Java updates and not Flash-updates as part of their Software-Update procedure?

I would also be grateful for any information from Apples EULA that tells me that I have to update Flash myself, but for anything else on the OS I can rely on their Software-Updater, thank you very much.

By the way, because I am asking: Do you know of any other software shipped as part of the OS that I need to update manually?

If that was the case then shouldn't Apple just not include flash as apart of the OS install?

Until most internet video sites get off their rear and start using technologies that don't suck as bad as flash we're pretty much stuck with it.

And to the people that are crying fanboy whenever someone points out Flash is a resource hog, it's kind of like screaming fanboy when someone points out a pile of garbage kind of smells. Are you really defending garbage as having a wonderful smell?

Absolutely not. I purchased it along with a brand new Mac Pro. I was using Leopard for about a week until Snow came in. Nothing but beauty from Leopard, with Snow- nothing but problems.
-cannot access PowerPoint
-shuts down randomly and restarts
-cannot link with Network server adequately
-Illustrator does this weird graphics thing if I nudge an item

Individually nothing serious, but overall, sucks ass. DO NOT BUY SNOW LEOPARD.
At least til they figure out their issues.
I have a mid June 2009 15" MBP and just upgraded to SL.

Both PowerPoint 2004 and PowerPoint 2008 (and all Office 2004 / 2008 apps) work perfectly well.

No random shut down and restarts

No Network issues

Don't have illustrator, but all my other apps (Including Photoshop CS4 Extended) work perfectly.

I did not do a clean install and simply installed over Leopard.

Only issue I can find is that if I run Windows 7 in a VirtualBox environment, the DirectX 10 screensavers cause minor screen issues. Not sure if this is SL, VirtualBox or Windows 7.

I think you need to do further diagnostics. Start by opening console and checking what messages appear.

Phil

Apple normally updates only their own software on Macs. They do not have the ability, or in many cases legal rights, to reliably update third-party software.
Well that sucks for Apple, but by including Flash they assume the responsibility for keeping it secure.
A user has not way of knowing what third party components are installed by the OS and have no obligation to search out fixes for apps they didn't install.

In my view this is a minor issue as it's really up to the end user to ensure that they have the latest patched versions of third-party software.

So the fact that the end user already did this, yet the Snow Leopard installer undid it is a "minor issue"? Tell me, after you've upgraded a vulnerable piece of software - do you continually go back and double-check that the specific upgrade wasn't somehow removed?

And no, keeping an eye out for new upgrades fixing new, different vulnerabilities does not count.

How is snow Leopard? Is it worth the upgrade?

Overall my Snow Leopard installation and experience so far has been pretty smooth - much closer to the 10.3 and 10.4 initial upgrade experience than to the rather problematic 10.5 one. This particular problem is a bit of a cock-up though.

I've only installed it on one of our computer's so far though - 2nd gen MacBook Air (1.83GHz, SSD drive). Will probably put it on one of the MacBook Pros this weekend.

Sorry to say this, because I will have SL delivered to my place tomorrow, but the last two times a new OS was released (Tiger and Leopard) I was around and I did not see all the negative comments I'm seeing with SL.
Plus, SL almost did not bring anything new to the user (besides some technology that still has to be taken advantage of or that only works in the most recent computers or GPUs). Both Tiger and Leopard brought tones of new features and apart from minor bugs you always find in version .0, most people acknowleged the faster/more capable OS.
And this is just the last thing with Flash. Come on Apple! How can they make such a childish mistake. Something so obvious that it was going to be discovered the first week upon release. Doesn't matter if it's important or just a minor flaw: news all over the internet (specially windows biased places) are going to say: "New OS by Apple makes your computer more vulnerable" "New OS downgrades applications on install", etc. That is going to happen and Apple should have forseen that.
Now Idon't really know what to do. I ordered before I knew all this bugs people are reporting. Should I have known that, I wouldn't have ordered. But now, I don't know if it is a good idea to install it before .1

Okay - just tell us to hit the update button and that's all. it's obvious that an upgrade will overwrite most of the existing system files - and seeing that flash comes with the OS, one can consider it as part of the OS upgrade. Of course the disc is not burned and posted overnight - it's done weeks ago and the flash installation was packed even before that when they compiled the OS.

Why is the article written in such as way that the entire operating system seems flawed and that the world is going to end and we're all gonna die!? lol too sensational and melodramatic :P

Is the "latest" Flash version from Adobe Snow Leopard compatible? I remember when upgrading to Leopard you had to use the bundled version for some time until Adobe released a new one.

Yes, it works fine (on Firefox anyway).

Until most internet video sites get off their rear and start using technologies that don't suck as bad as flash we're pretty much stuck with it.

And to the people that are crying fanboy whenever someone points out Flash is a resource hog, it's kind of like screaming fanboy when someone points out a pile of garbage kind of smells. Are you really defending garbage as having a wonderful smell?

They're trying to be pragmatic. If it weren't there, then everything on the internet and Microsoft's TV commercials would be:

"Macs can't even play YouTube out of the box! hahaha OMG FAILZER!"

So, you gotta do what you can. The real world is a pain in the ass sometimes.

Does Windows include flash OOTB? I don't seem to recall that being the case. It has been a while since I have loaded Win7, but it appears to be updated with the latest version. I am not sure if that is due to the Adobe Updater that is installed or not. If it is then why isn't there a Mac version?

So can you please enlighten me why Apple is able issue Java updates and not Flash-updates as part of their Software-Update procedure?

Because Java has a different license, as I already said. You're not paying attention, which makes your attempt at condescension pretty ridiculous.

I would also be grateful for any information from Apples EULA that tells me that I have to update Flash myself, but for anything else on the OS I can rely on their Software-Updater, thank you very much.

What in the world are you talking about?

By the way, because I am asking. Do you know of any other software shipped as part of the OS that I need to update manually?

Thankfully, Apple has to ship a lot less proprietary third-party software with their OS than they used to. I am nearly positive that the Flash libraries and plugin are the only third-party software in recent versions of OS X that is too stupid to update itself as necessary. Apple does not update any third-party software unless it carries an open license, such as certain printer drivers. Java is a special case that's not relevant to any other software, as its a strange meld of both third-party packages with (somewhat) open licensing, and code from Apple themselves. Flash is strictly a third-party, proprietary package, whose license, incidentally, requires using their own installer for all installs and upgrades:

http://www.adobe.com/products/players/fpsh_distribution1.html

Apple CANNOT LEGALLY UPDATE FLASH THROUGH SOFTWARE UPDATE.

End of story.

Does Windows include flash OOTB? I don't seem to recall that being the case. It has been a while since I have loaded Win7, but it appears to be updated with the latest version. I am not sure if that is due to the Adobe Updater that is installed or not. If it is then why isn't there a Mac version?

Every install of Windows I've done has included Flash, but I'll admit that I haven't installed every variety of every version of Windows (and haven't touched 7 at all yet).

Adobe and Apple don't get on, so Adobe go out of their way to make a browser plug-in run like a piece of rubbish?

That's the general understanding, and what the guy above your post just said:
"Flash on OS X is an entirely separate beast, which Adobe doesn't bother to optimize because of a long-running feud. Its performance on Windows is orders of magnitude better than it is on OS X. Sadly, and for no good reason."

OMG, you mean I have to spend another 10 min to upgrade Flash? Say it ain't so.

Well that sucks for Apple, but by including Flash they assume the responsibility for keeping it secure.
A user has not way of knowing what third party components are installed by the OS and have no obligation to search out fixes for apps they didn't install.

You're right. And Apple is legally allowed to include Flash in the OS, but the license specifically disallows them from updating it. IE updates itself as necessary; Safari updates itself as necessary; Firefox updates itself as necessary; Unison, Transmit, Skype, on and on. Do you see a pattern emerging? Even if Apple were legally allowed to update Flash, they couldn't reliably do so without cooperation from Adobe, and Adobe is so ********* that Flash is the *only popular internet-aware software in the universe* that doesn't keep on top of its own security updates. What do you expect Apple to do? Complain to Adobe.

And I'll repeat: the vulnerability we're talking about requires you to go out of your way to invoke it. It isn't passive. If Flash is sitting on your system but you don't deliberately use it to open malicious PDFs in Safari (something that will never happen by default), you are safe. Apple didn't leave a live grenade in there. You have to unlock the munition box and pull the pin, and if you do so, then what happens is between you and the maker of the grenade.

You're right. And Apple is legally allowed to include Flash in the OS, but the license specifically disallows them from updating it. IE updates itself as necessary; Safari updates itself as necessary; Firefox updates itself as necessary; Unison, Transmit, Skype, on and on. Do you see a pattern emerging? Even if Apple were legally allowed to update Flash, they couldn't reliably do so without cooperation from Adobe, and Adobe is so ********* that Flash is the *only popular internet-aware software in the universe* that doesn't keep on top of its own security updates. What do you expect Apple to do? Complain to Adobe.

Why didn't the installer just check the version of the currently installed Flash player? If it's a higher version than the one bundled with the OS - don't touch it! BAM - problem solved!

big deal! I just updated to the latest version, didn't take more than 15 seconds.
It's not apples responsibility to make sure everyone is running with the latest version of this and that software, people should learn to update their crap themselves.

Some of you sheep will excuse anything that Apple does.

Why didn't the installer just check the version of the currently installed Flash player? If it's a higher version than the one bundled with the OS - don't touch it! BAM - problem solved!

Again, because we're not talking about an update. We're talking about an OS reinstall. They would have to leave Safari alone also, because the Flash install targets the browser and version. That's essentially untenable, especially when the vulnerability we're talking about requires the user to go far, far out of their way to trigger. There has not been a single report of this exploit hitting an unwitting victim.

Some of you sheep will excuse anything that Apple does.

It's really not a big deal.

I'm not about to get all cooked over a Flash update. :rolleyes:

Some of you sheep will excuse anything that Apple does.

Some of you sheep know nothing about software, responsibility to users, or evaluating risk in the bigger picture.

How is snow Leopard? Is it worth the upgrade?

There may be behind the scenes benefits. The upgrade took me about 18 hours, and I ended up having to nuke my startup disk, recreate it, restore from backup (you know now long that takes?) update that, and then deal with the things that SL broke, including:

Appletalk: gone. Trusty appletalk printer now unusable
mysql: SL breaks it, and you have to start over from scratch. Pray that you don't have irreplaceable data.

I haven't gotten to PHP and other things yet. :mad:

So the fact that the end user already did this, yet the Snow Leopard installer undid it is a "minor issue"? Tell me, after you've upgraded a vulnerable piece of software - do you continually go back and double-check that the specific upgrade wasn't somehow removed?


Thank you. So simple a concept, but because it's Apple doing it, it's cool for some of these people. The same people who would gnash their teeth and tell you how much Microsoft sucked if their new OS downgraded software. Call a spade a spade, folks.

Absolutely not. I purchased it along with a brand new Mac Pro. I was using Leopard for about a week until Snow came in. Nothing but beauty from Leopard, with Snow- nothing but problems.
-cannot access PowerPoint
-shuts down randomly and restarts
-cannot link with Network server adequately
-Illustrator does this weird graphics thing if I nudge an item

Individually nothing serious, but overall, sucks ass. DO NOT BUY SNOW LEOPARD.
At least til they figure out their issues.

- For PowerPoint I guess you have to wait for an update that fixes compatibility with Snow Leopard. Many other companies are issuing Snow Leopard compatibility updates as a matter of fact.
- No random shutdown on my yet poor little Mac Mini
- No problem accessing my local network with Windows machines
- Illustrator: see first point

Try reinstalling. I did a clean install on my machine but a simple upgrade works very well. Your Mac Pro deserves and cries for Snow Leopard, so don't throw the towel. Be positive, life is great ;-)

You're right. And Apple is legally allowed to include Flash in the OS, but the license specifically disallows them from updating it. IE updates itself as necessary; Safari updates itself as necessary; Firefox updates itself as necessary; Unison, Transmit, Skype, on and on. Do you see a pattern emerging? Even if Apple were legally allowed to update Flash, they couldn't reliably do so without cooperation from Adobe, and Adobe is so ********* that Flash is the *only popular internet-aware software in the universe* that doesn't keep on top of its own security updates. What do you expect Apple to do? Complain to Adobe.

Well, yes. I do expect Apple to work with Adobe to address the issue. I don't understand why people feel that it's unreasonable to expect Apple to take responsibility for their OS's security.
I would prefer that Flash not have been installed in the first place, but since it's there, here are some actions that Apple could take:

Apple could issue an update to disable the old version, forcing the user to manually update.

Apple could have Safari issue a warning a launch that Flash is out of date and is putting the machine at risk. Redirect the user to the Flash download page.

Or (God Forbid) maybe even talk to the product manager at Adobe to obtain the rights to push a secure version.

Some of you sheep know nothing about software, responsibility to users, or evaluating risk in the bigger picture.

Then enlighten us, professor.

Thank you. So simple a concept, but because it's Apple doing it, it's cool for some of these people. The same people who would gnash their teeth and tell you how much Microsoft sucked if their new OS downgraded software. Call a spade a spade, folks.

Ugh, wtf? "The Snow Leopard Installer" didn't do it. The user did it. If you don't expect that an OS reinstall will set the software that it includes to a certain tested baseline that in some cases may be a "downgrade" from certain of your most recent updates... well, that's sad for you, but it's YOUR PROBLEM. You installed it, and you unfortunately have totally unreasonable expectations.

It'd be nice if the Flash plugin were sane like every other internet software in existence and took responsibility for its own security updates, but since it doesn't, your beef is with Adobe. Not Apple.

And every installation of Windows, along with every other OS ever made in history, does this. Sorry to break it to you. It's just a fact of life until someone comes up with something better.

Then enlighten us, professor.

Read the last three pages. I don't need to repeat it.

Then enlighten us, professor.

Ugh, wtf? "The Snow Leopard Installer" didn't do it. The user did it. If you don't expect that an OS reinstall will set the software that it includes to a certain tested baseline that in some cases may be a "downgrade" from certain of your most recent updates... well, that's sad for you, but it's YOUR PROBLEM. You installed it, and you unfortunately have totally unreasonable expectations.

It'd be nice if the Flash plugin were sane like every other internet software in existence and took responsibility for its own security updates, but since it doesn't, your beef is with Adobe. Not Apple.

And every installation of Windows, along with every other OS ever made in history, does this. Sorry to break it to you. It's just a fact of life until someone comes up with something better.

Clear?

Well, yes. I do expect Apple to work with Adobe to address the issue. I don't understand why people feel that it's unreasonable to expect Apple to take responsibility for their OS's security.

It is secure, inasmuch as they can control in this instance. Do you know what the vulnerability in question is?

Apple could issue an update to disable the old version, forcing the user to manually update.

Oh, my god. Breaking a single piece of third-party software intentionally? Aside from totally pissing off users, it's a surety that this would break their licensing agreement with Adobe, and possibly break the law.

Apple could have Safari issue a warning a launch that Flash is out of date and is putting the machine at risk. Redirect the user to the Flash download page.

This would be nice, if there were a non-onerous, reliable way to do it. I don't know that there is (or that there isn't).

Or (God Forbid) maybe even talk to the product manager at Adobe to obtain the rights to push a secure version.

I'm sure they have. What happened is that, for reasons that nobody knows (probably hung up with the lawyers as usual), that approval wasn't ready when SL was (the Flash update was still quite new when SL hit its release build). Not surprisingly, Apple decided that pushing back the ship date on their new OS over a vulnerability that has not affected a single person in the wild wasn't a good decision.

Ugh, wtf? "The Snow Leopard Installer" didn't do it. The user did it. If you don't expect that an OS reinstall will set the software that it includes to a certain tested baseline that in some cases may be a "downgrade" from certain of your most recent updates... well, that's sad for you, but it's YOUR PROBLEM. You installed it, and you unfortunately have totally unreasonable expectations.

It'd be nice if the Flash plugin were sane like every other internet software in existence and took responsibility for its own security updates, but since it doesn't, your beef is with Adobe. Not Apple.

And every installation of Windows, along with every other OS ever made in history, does this. Sorry to break it to you. It's just a fact of life until someone comes up with something better.

Your explanations make sense, and I don't want to imply that they don't. But even something this insignificant lends support to the beta testers who said for weeks that Snow Leopard was not ready for release and needed more work. I tend to agree with them.

No big deal here. Just go to adobe's website, right-click (or control click) on the animation on the front page, and select About. It will redirect you to another page where you can see the version installed.

Just go back if you don't have the latest version, download and install it. Takes 2 minutes. Restart your browser and done.

I don't see what the big fuss is about.

Clear?

That this is looking more and more like a release that was not ready for mass consumption? Yes. As I've said before, I'm considering myself extremely lucky to have run across the relatively few issues I've had with Snow Leopard so far, based on the number of gripes from friends of mine and folks here on these forums.

Your explanations make sense, and I don't want to imply that they don't. But even something this insignificant lends support to the beta testers who said for weeks that Snow Leopard was not ready for release and needed more work. I tend to agree with them.

I have some sympathy for that, but you can't expect a company to hold up the release of a flagship product while lawyers dicker over the conditions to distribute a third-party update for a vulnerability that, again, hasn't affected a single person in the wild.

That context is critical. If this were a vulnerability that was being actively exploited I would absolutely agree that Apple has a responsibility to be far more proactive. But that isn't the case. It's a vulnerability that has not been reported to have hit a single unsuspecting user, because you have to go so far out of your way to activate it.

It's really not a big deal.

I'm not about to get all cooked over a Flash update. :rolleyes:


Adobe has released updated Mac, Windows and Linux distributions of Flash Player, bringing old and new editions of the software up to v9.0.246.0 and v10.0.32.18, respectively. Matching these are v9.1.3 releases of Reader and Acrobat. Some 12 Flash vulnerabilities are said to have been closed in Adobe software, 10 of which could be used to assume full or partial control of a computer. ( See: http://www.macnn.com/articles/09/07/31/adobe.fixes.12.flash.bugs/ (http://www.macnn.com/articles/09/07/31/adobe.fixes.12.flash.bugs/))


Yeah, not a big deal at all. [/sarc]

One more reason to wait for 10.6.1 (http://www.appleinsider.com/articles/09/09/03/apple_already_testing_mac_os_x_10_6_1_update.html).

That this is looking more and more like a release that was not ready for mass consumption? Yes. As I've said before, I'm considering myself extremely lucky to have run across the relatively few issues I've had with Snow Leopard so far, based on the number of gripes from friends of mine and folks here on these forums.

Unfortunately, when you're talking about something like an OS it's never "ready for mass consumption" on the first release. But, if you don't release it and expose it to the wide variety of user environments that flush out those bugs, it never will be.

It's a chicken and egg that we have no answer for, so we live with it and early adopters should know what they're getting.

I have some sympathy for that, but you can't expect a company to hold up the release of a flagship product while lawyers dicker over the conditions to distribute a third-party update for a vulnerability that, again, hasn't affected a single person in the wild.

That context is critical. If this were a vulnerability that was being actively exploited I would absolutely agree that Apple has a responsibility to be far more proactive. But that isn't the case. It's a vulnerability that has not been reported to have hit a single unsuspecting user, because you have to go so far out of your way to activate it.

Understood. Thanks for taking the time, man.

You have really bought Apple's side of the coin, haven't you? Flash is a fantastic product that has delivered so much for the Internet as we know it today.

However, there is a dispute between Apple and Macromedia, so that is the reason for Flash hogging a bit too much resources on the Mac. Flash in itself is a good product but you have really bought into Apple's campaign of making Macromedia and Flash look bad.

As another member posted in reply to you, no it's not. Flash, imho, is terrible and I've hated it for 10 years (7 years more than I've owned a Mac for). Adobe, because Macromedia have been defunct for 4 years now.. so I'm not sure why you keep mentioning them, are the ones responsible for providing a stable release on an OS, not Apple. If they can't do it due to an OS reason they should challenge Apple.. if it goes ignored, clearly inform the public until something is done about it. Releasing a half arsed product that is hated by a considerable amount of people doesn't help anyone.

(Even if it ran brilliantly, I'd still disable it as except for video delivery and the odd web game, as mentioned above... I hate it.)

With regards to this downgrade, has it been listed what vulnerabilities there are in this version and whether it affects 10.6 users? It's a bad move on Apple's behalf to not have a checker ensure that a newer version wasn't overwritten, no doubt. How many people were using a new version tho, as Flash doesn't automatically update itself from what I've noticed.

Because Java has a different license, as I already said. You're not paying attention, which makes your attempt at condescension pretty ridiculous.


What in the world are you talking about?


Thankfully, Apple has to ship a lot less proprietary third-party software with their OS than they used to. I am nearly positive that the Flash libraries and plugin are the only third-party software in recent versions of OS X that is too stupid to update itself as necessary. Apple does not update any third-party software unless it carries an open license, such as certain printer drivers. Java is a special case that's not relevant to any other software, as its a strange meld of both third-party packages with (somewhat) open licensing, and code from Apple themselves. Flash is strictly a third-party, proprietary package, whose license, incidentally, requires using their own installer for all installs and upgrades:

http://www.adobe.com/products/players/fpsh_distribution1.html

Apple CANNOT LEGALLY UPDATE FLASH THROUGH SOFTWARE UPDATE.

End of story.

I read your reply pretty thoroughly. I apologize to have not informed myself so throughly about Apples Third Party Licensing issues than you.
Yes, and I am pretty ignorant about it, as long as it 'just works'.
(Just noticed: according to your link, Flash should have never been installed in the first place)

So my question is: How, as an Apple-User, am I to know that I have one piece of software on my computer that I need to update myself? Has Apple EVER informed me about this fact?

And I do not care about their licensing issues. If they can not resolve them, they should stop installing this stuff. What else might there be in hiding?

What a pure whine-thread.

I would just like to say thanks to MacRumors for the heads-up. Sure 'nuf, my Snow Leopard MacBook was on the old version.

How prevalent in the wild are malicious flash pages that take advantage of these vulnerabilities?

So my question is: How, as an Apple-User, am I to know that I have one piece of software on my computer that I need to update myself? Has Apple EVER informed me about this fact?

And I do not care about their licensing issues. If they can not resolve them they should stop installing this stuff. What else might there be in hiding?

This is another argument I have some sympathy for. Apple could say "Hey, Flash is dumb so you'll need to update it yourself", but I have to think that will only make their issues with Adobe worse. And yeah, not installing it at all would probably be the "right" thing to do, but it just isn't realistic in this era. Flash is mostly used for ****** banner ads, but the one thing almost everyone uses that needs it is YouTube. If YouTube "didn't work" on a Mac, it'd be doomsday.

The bottom line is that Apple is trying to figure out the best line they can here in a crap situation. Adobe are the creators and owners of Flash. It is their responsibility. If they can't figure out a sane way to keep it updated for its own security, they are the proper target of anger.

I would just like to say thanks to MacRumors for the heads-up. Sure 'nuf, my Snow Leopard MacBook was on the old version.

How prevalent in the wild are malicious flash pages that take advantage of these vulnerabilities?

They are essentially non-existent, and if they did exist, you wouldn't be vulnerable unless you had reconfigured your browser to use the Flash plugin to read PDFs instead of using Preview.

Sophos, who wrote the inflammatory press release quoted at the top here, have a vested interest in making it sound awful even though there is not a single reported instance of this hitting a user in the wild. Why? They're trying to sell security products to businesses. (Sophos is also known for being much less respectable in this game than, say, Norton--not that Norton is great, but Sophos tends to live in the gutter).

That context is critical. If this were a vulnerability that was being actively exploited I would absolutely agree that Apple has a responsibility to be far more proactive.

The context is that the vendor has acknowledged a potential vector for remote code execution that would only require the user to visit a compromised site. Most security experts would consider this a 'critical' vulnerability. I don't think that Apple should be rushing to any solution here since, as you said, it is not currently being exploited; however, they do have a long term obligation to address this.

For those saying that this is not big deal: yes, the fix is easy for users who are aware of the problem, but the majority of users aren't.

The context is that the vendor has acknowledged a potential vector for remote code execution that would only require the user to visit a compromised site. Most security experts would consider this a 'critical' vulnerability. I don't think that Apple should be rushing to any solution here since, as you said, it is not currently being exploited; however, they do have a long term obligation to address this.

For those saying that this is not big deal: yes, the fix is easy for users who are aware of the problem, but the majority of users aren't.

But it doesn't only require the user to visit a compromised site. That's true on Windows, but not on OS X. Not because of some inherent superiority, but just the details of how the browsers on each platform handle PDFs.

The update for Adobe Flash Player and Adobe AIR, Adobe Reader and Acrobat resolves a memory corruption vulnerability that could potentially lead to code execution (CVE-2009-1862).

The update for Adobe Flash Player resolves a privilege escalation vulnerability that could allow someone with desktop access to gain administrative privileges on the Macintosh operating system (CVE-2009-1863).

The update for Adobe Flash Player and Adobe AIR resolves the heap overflow vulnerability that could potentially lead to code execution (CVE-2009-1864).

The update for Adobe Flash Player and Adobe AIR resolves the null pointer vulnerability that could potentially lead to code execution (CVE-2009-1865).

The update for Adobe Flash Player and Adobe AIR resolves the stack overflow vulnerability that could potentially lead to code execution (CVE-2009-1866).

The update for Adobe Flash Player and Adobe AIR resolves a clickjacking vulnerability that could allow an attacker to lure a web browser user into unknowingly clicking on a link or dialog (CVE-2009-1867).

The update for Adobe Flash Player and Adobe AIR resolves the URL parsing heap overflow vulnerability that could potentially lead to code execution (CVE-2009-1868).

The update for Adobe Flash Player and Adobe AIR resolves the integer overflow vulnerability that could potentially lead to code execution (CVE-2009-1869).

The update for Adobe Flash Player and Adobe AIR resolves a local sandbox vulnerability that could potentially lead to information disclosure when SWFs are saved to the hard drive (CVE-2009-1870).

But it doesn't only require the user to visit a compromised site. That's true on Windows, but not on OS X. Not because of some inherent superiority, but just the details of how the browsers on each platform handle PDFs.

I haven't looked into the specifics of each issue, but when you combine privilege escalation and remote code execution, you should not consider yourself safe.

But again. this looks very hard to exploit and there are no know exploits in the wild

The update for Adobe Flash Player and Adobe AIR, Adobe Reader and Acrobat resolves a memory corruption vulnerability that could potentially lead to code execution (CVE-2009-1862).

The update for Adobe Flash Player resolves a privilege escalation vulnerability that could allow someone with desktop access to gain administrative privileges on the Macintosh operating system (CVE-2009-1863).

The update for Adobe Flash Player and Adobe AIR resolves the heap overflow vulnerability that could potentially lead to code execution (CVE-2009-1864).

The update for Adobe Flash Player and Adobe AIR resolves the null pointer vulnerability that could potentially lead to code execution (CVE-2009-1865).

The update for Adobe Flash Player and Adobe AIR resolves the stack overflow vulnerability that could potentially lead to code execution (CVE-2009-1866).

The update for Adobe Flash Player and Adobe AIR resolves a clickjacking vulnerability that could allow an attacker to lure a web browser user into unknowingly clicking on a link or dialog (CVE-2009-1867).

The update for Adobe Flash Player and Adobe AIR resolves the URL parsing heap overflow vulnerability that could potentially lead to code execution (CVE-2009-1868).

The update for Adobe Flash Player and Adobe AIR resolves the integer overflow vulnerability that could potentially lead to code execution (CVE-2009-1869).

The update for Adobe Flash Player and Adobe AIR resolves a local sandbox vulnerability that could potentially lead to information disclosure when SWFs are saved to the hard drive (CVE-2009-1870).

Yes, and each of these that have exploits available are related to the same issue with Flash-embedded PDFs, which is not going to affect any Macintosh user unless they've gone out of their way to perversify their system. Any user that has used command-line hacks to change the PDF handling in Safari is capable of being responsible for their own security updates. This should get corrected, but the urgency is very, very low.

What a pure whine-thread.

Word up!

Yes, and each of these that have exploits available are related to the same issue with Flash-embedded PDFs, which is not going to affect any Macintosh user unless they've gone out of their way to perversify their system. Any user that has used command-line hacks to change the PDF handling in Safari is capable of being responsible for their own security updates. This should get corrected, but the urgency is very, very low.

Thanks, I did not realize that.

This is another argument I have some sympathy for. Apple could say "Hey, Flash is dumb so you'll need to update it yourself", but I have to think that will only make their issues with Adobe worse. And yeah, not installing it at all would probably be the "right" thing to do, but it just isn't realistic in this era. Flash is mostly used for ****** banner ads, but the one thing almost everyone uses that needs it is YouTube. If YouTube "didn't work" on a Mac, it'd be doomsday.

The bottom line is that Apple is trying to figure out the best line they can here in a crap situation. Adobe are the creators and owners of Flash. It is their responsibility. If they can't figure out a sane way to keep it updated for its own security, they are the proper target of anger.

And I stand by my argument: Apple needs to do something!

I annoys me to hell, that after 1 1/2 years of using a Mac and trying to maintain an up-to-date and secure system, I suddenly find out that it has been my responsibility to update this certain piece of software manually.:mad:

There is just no excuse for this.

And I stand by my argument: Apple needs to do something!

I annoys me to hell, that after 1 1/2 years of using a Mac and trying to maintain an up-to-date and secure system, I suddenly find out that it has been my responsibility to update this certain piece of software manually.:mad:

There is just no excuse for this.

But what can Apple do? They should do "something" you say, but it isn't their software and they have no right to do anything to it.

In a larger sense, your expectations are unfortunately unrealistic. No OS vendor, whether it's Apple, Microsoft, Sun, SGI, any of the Linux distributers... none of them can take responsibility for every piece of software on the system, because it's not all their software. That's just how it is and will always be, unless you want personal computers to work like mainframes. If you want IBM to sell you the entire ecosystem, and test and guarantee it... get out your checkbook. And win the lottery.

Does Windows include flash OOTB? I don't seem to recall that being the case. It has been a while since I have loaded Win7, but it appears to be updated with the latest version. I am not sure if that is due to the Adobe Updater that is installed or not. If it is then why isn't there a Mac version?

It does, for IE.

If you want Flash on any other browser, you have to install it yourself (since Flash for IE apparently isn't compatible with any other browser, or at least not the version installed by default).

This pre-installed version has the exact same flaw that the one Apple includes does: there is no built-in mechanism for updating it via Windows Update... Adobe Update isn't installed by default (and Adobe Update doesn't offer flash updates)... and odds are you don't even know you need to update it yourself.

oh wow. apple needs to fix this asap. i wonder how they let this happen

oh wow. apple needs to fix this asap. i wonder how they let this happen

Did you read any of this thread?

Sophos, who wrote the inflammatory press release quoted at the top here, have a vested interest in making it sound awful even though there is not a single reported instance of this hitting a user in the wild. Why? They're trying to sell security products to businesses. (Sophos is also known for being much less respectable in this game than, say, Norton--not that Norton is great, but Sophos tends to live in the gutter).

As soon as I saw the name Graham Cluely I knew this would be a minor issue blown out of all proportion. Having met him as well.....

And I stand by my argument: Apple needs to do something!

I annoys me to hell, that after 1 1/2 years of using a Mac and trying to maintain an up-to-date and secure system, I suddenly find out that it has been my responsibility to update this certain piece of software manually.:mad:

There is just no excuse for this.

Apple real was trying to make our lives easier by including Flash in the default install. It backfired because it's difficult to maintain, both technically and legally.
Your risk is really very low and hopefully Apple can find some solution before there is a need to really worry.
If your at all technically savvy, just run the update manually; If not, there isn't much to worry about yet.

But what can Apple do? They should do "something" you say, but it isn't their software and they have no right to do anything to it.

In a larger sense, your expectations are unfortunately unrealistic. No OS vendor, whether it's Apple, Microsoft, Sun, SGI, any of the Linux distributers... none of them can take responsibility for every piece of software on the system, because it's not all their software. That's just how it is and will always be, unless you want personal computers to work like mainframes. If you want IBM to sell you the entire ecosystem, and test and guarantee it... get out your checkbook. And win the lottery.

:o It seems I am not getting through to you :o

It is as simple as this: The entity that installs the stuff is responsible to update or explicitly inform the user that it needs to be done manually.

If I had installed Flash myself, I could be expected to update it. Since Apple installed it as part of their OS (I have no Flash icon in my Application folder), it is their responsibility to update or inform me about the fact that I need to do it myself.

That this is looking more and more like a release that was not ready for mass consumption? Yes. As I've said before, I'm considering myself extremely lucky to have run across the relatively few issues I've had with Snow Leopard so far, based on the number of gripes from friends of mine and folks here on these forums.

something you need to keep in mind is that the majority (if not all of) these complaints/bug reports are coming from tech-savvy people whose typical workflow includes pushing almost every angle of an OS to its limits (via processor/memory-intensive applications that your average OS X user just plain-and-simple will never use)... as for the overwhelming, satisfied majority who have yet to experience any problems with Snow Leopard, it'd make sense that you wouldn't see them stopping by a forum to rant about it. plus, it's common knowledge that one should inquire from a broad spectrum of individuals before coming to a conclusion about something, thereby avoiding any bias toward/against whatever it is you're inquiring about- and you're going to get an extremely narrow point of view by looking here, IMHO.

as for my experience with Snow Leopard so far, it has been seven days, and I have yet to experience a single bug... and that's while using a wide variety of applications. so to The Razor's conclusion that SL "sucks ass" and that one should essentially avoid it at all costs, and based a very small handful of "bugs,' I have to strongly disagree (no random shut-down/restarts and no networking issues, though about the other two issues, there's a good chance that Microsoft and Adobe will issue SL-compatibility updates for those applications soon).

and finally, in reply to the OT, exactly what about the less than two minutes it should take to download/install this update is causing so many of you to fly off on a rant? I'd give my opinions, but coleridge78 pretty much took the words out of my mouth...

Despite what some of the usual suspects may feverishly try to downplay, Apple is not free of blame here. They're not the worst OS vendor in the world as some would like to sensationalize either.

If they plan to include 3rd party software for their users, they have an obligation to inform them that it may not be a downgrade and in many instances require an update.

The problem isn't just that a third party updater isn't bundled in the OS (doubt they could even do that), but that a user has no idea that their software has been downgraded. That is reprehensible.

:o It seems I am not getting through to you :o

It is as simple as this: The entity that installs the stuff is responsible to update or explicitly inform the user that it needs to be done manually.

If I had installed Flash myself, I could be expected to update it. Since Apple installed it as part of their OS (I have no Flash icon in my Application folder), it is their responsibility to update or inform me about the fact that I need to do it myself.

You got through the first time. I understand and have sympathy for what you're saying.

But in the real world, Apple is not allowed to update Flash (the owners of Flash have not given them the rights to do so), and they cannot realistically not include it (yet, though they're working towards it). Flashing warnings about it will make their efforts to work out issues with Adobe even harder. I just don't see any good options for them, and meanwhile Adobe CAN control it by not abdicating responsibility for their own software's security. I can't really see the sense in being mad at Apple, as opposed to Adobe.

:o It seems I am not getting through to you :o

It is as simple as this: The entity that installs the stuff is responsible to update or explicitly inform the user that it needs to be done manually.

If I had installed Flash myself, I could be expected to update it. Since Apple installed it as part of their OS (I have no Flash icon in my Application folder), it is their responsibility to update or inform me about the fact that I need to do it myself.

Agreed, but give Apple time to come up with a proper solution. In the meantime your risk exposure is still very low.

Despite what some of the usual suspects may feverishly try to downplay, Apple is not free of blame here. They're not the worst OS vendor in the world as some would like to sensationalize either.

If they plan to include 3rd party software for their users, they have an obligation to inform them that it may not be a downgrade and in many instances require an update.

The problem isn't just that a third party updater isn't bundled in the OS (doubt they could even do that), but that a user has no idea that their software has been downgraded. That is reprehensible.

If a user doesn't realize that re-installing their OS will, well, re-install the OS (back to a certain tested baseline), then their own absurd expectations (that they would never have in any other area of their life, where common sense tends to kick in more often) are reprehensible.

Why didn't the installer just check the version of the currently installed Flash player? If it's a higher version than the one bundled with the OS - don't touch it! BAM - problem solved!

Because flash uses Installer.app, but doesn't leave a 'receipt'. There is no reliable way for Apple's installer to check for the existence of an installed system-component that doesn't.

Stuff you drop in Applications or your user folder tends to be different, because Apple can identify what is a system file and what isn't. Flash is both user upgradable, and installed by the OS, so without that receipt, the installer can do nothing to detect what version it is.

Thanks!

I tells me I have version 10,0,22,87 installed.

I was never even aware that I need to install this stuff from Adobe. :eek:
Run Leopard with all Security Updates applied, and I find it kind of lame that Apple does not update the stuff it ships on their computers.

Technically, you don't need the update unless the site you are going to is using advanced features of CS4 Flash. The reason you haven't seen an update request because the flash sites you visit are probably setting the compatibility for earlier versions of flash. I always set my sites to at least Flash 8. You can't guarantee, as you have just witnessed, that everyone is running the latest greatest.

If you needed an upgrade, the site you are visiting would typically tell you to upgrade you.

You have really bought Apple's side of the coin, haven't you? Flash is a fantastic product that has delivered so much for the Internet as we know it today.

However, there is a dispute between Apple and Macromedia, so that is the reason for Flash hogging a bit too much resources on the Mac. Flash in itself is a good product but you have really bought into Apple's campaign of making Macromedia and Flash look bad.

Seriously? Flash is a non-standardized, closed and binary format that is a drain on the internet. If flash didn't exist, SVG and other standard technologies would be flourishing. Even Adobe fought against Flash until they bought Macromedia. Luckily Apple is still putting up the good fight with Webkit.

Funny how I only hear Mac users complaining about Flash. It's a very Mac-ish, chic and elite thing to complain about Flash I suppose. And don't flatter yourself by saying that you are more technically inclined than Windows and Linux users, it'd just be sad.

I've been complaining about Flash since the first day I hi "View Source" in Internet Explorer on Windows 98 and got NOTHING. If you can't view the source, its not the web.

Until most internet video sites get off their rear and start using technologies that don't suck as bad as flash we're pretty much stuck with it.

YouTube has already moved to a flash-neutral video format, and Vimeo is headed that direction. I think that covers the majority of online video. The end for flash video is near.

Well that sucks for Apple, but by including Flash they assume the responsibility for keeping it secure.
A user has not way of knowing what third party components are installed by the OS and have no obligation to search out fixes for apps they didn't install.

I completely agree. I've never seen Software Update offer me a Flash upgrade, either, so it looks like most users will be stuck with it until the next time they update their OS.

The bottom line is that Apple is trying to figure out the best line they can here in a crap situation. Adobe are the creators and owners of Flash. It is their responsibility. If they can't figure out a sane way to keep it updated for its own security, they are the proper target of anger.

I reallly wish (as a developer) Flash had some auto-upgrade feature. They really should just because of the security implications. A lot of people are stuck on Flash 8 or 9, which besides having serious security holes, also don't support standard h.264 video, so I have to encode my videos twice - once for old Flash and once for new Flash/iPhone/Safari.

How many people were using a new version tho, as Flash doesn't automatically update itself from what I've noticed.
This is something that I am curious about as well. If flash doesn't popup with a notfication that there is a newer version then how many users actually upgraded to the latest version?

Absolutely not. I purchased it along with a brand new Mac Pro. I was using Leopard for about a week until Snow came in. Nothing but beauty from Leopard, with Snow- nothing but problems.
-cannot access PowerPoint
-shuts down randomly and restarts
-cannot link with Network server adequately
-Illustrator does this weird graphics thing if I nudge an item

Individually nothing serious, but overall, sucks ass. DO NOT BUY SNOW LEOPARD.
At least til they figure out their issues.

My experience with Snow Leopard is exactly the opposite of yours. The upgrade install went off without a hitch (on all three Macs we have here: Mac Pro, Mac Book Pro and iMac). All current versions of all software work fine with no problems (including Word, Excel, Powerpoint, VMWare Fusion, Parallels Desktop, Adobe Photoshop Elements, Cubase, Logic and many more). All our printers (Brother and HP lasers and ink jets) were installed during the upgrade with no problems. And, we have seen a noticeable increase in speed on all thee machines. The bonus however, is that battery life on the Mac Book Pro has actually increased by about 10%.

Why my experience is so much different from yours is not clear. However, one possible reason could be that you may have installed some third party plugins and/or system hacking programs on your mac before you tried to upgrade which always makes upgrades tricky. If you did not do this, then perhaps you have some hardware issues? I don't know, but I can tell you that I found SL to be a wonderful and easy upgrade here.

Those are pretty unusual praise from me as those that know me on this forum are aware that I am quite a complainer normally.

Dave

This is something that I am curious about as well. If flash doesn't popup with a notfication that there is a newer version then how many users actually upgraded to the latest version?

Outside of developers or that .0001% who are intensive Flash-based gamers, zero. Almost literally.

People who are Flash developers and are complaining about this are especially ridiculous. You're a developer, and you're blindly running an installer that is changing your whole system without expecting to have to do some manual updates afterwards? Are you *kidding* me?

Congratulations to Coleridge for being so patient, and continuing replying with software / OS facts, and realistic analysis of Apple's choice.

This is something that I am curious about as well. If flash doesn't popup with a notfication that there is a newer version then how many users actually upgraded to the latest version?

We are all mistaken. :eek:

Apple does indeed update Flash automatically in their Security Updates.

I found this in their Security Update description http://support.apple.com/kb/HT3549:
(I is just that they are a little late in supplying the latest and greatest version.)



Flash Player plug-in

CVE-ID: CVE-2009-0519, CVE-2009-0520, CVE-2009-0114

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6

Impact: Multiple vulnerabilities in Adobe Flash Player plug-in

Description: Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution when viewing a maliciously crafted web site. The issues are addressed by updating the Flash Player plug-in on Mac OS v10.5.x systems to version 10.0.22.87, and to version 9.0.159.0 on Mac OS X v10.4.11 systems. Further information is available via the Adobe web site at http://www.adobe.com/support/security/bulletins/apsb09-01.html

We are all mistaken. :eek:

Apple does indeed update Flash automatically in their Security Updates.

I found this in their Security Update descriptions:
(I is just that they are a little late in supplying the latest and greatest version.)



Flash Player plug-in

CVE-ID: CVE-2009-0519, CVE-2009-0520, CVE-2009-0114

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6

Impact: Multiple vulnerabilities in Adobe Flash Player plug-in

Description: Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution when viewing a maliciously crafted web site. The issues are addressed by updating the Flash Player plug-in on Mac OS v10.5.x systems to version 10.0.22.87, and to version 9.0.159.0 on Mac OS X v10.4.11 systems. Further information is available via the Adobe web site at http://www.adobe.com/support/security/bulletins/apsb09-01.html

This is very interesting. They've never issued an update for Flash via SW Update before. Adobe granted them special permission for this one.

This is very interesting. They've never issued an update for Flash via SW Update before. Adobe granted them special permission for this one.

Not true.

It is certainly not the first update. I found several more, this was just the most recent one (start looking here: http://support.apple.com/kb/HT1222).
So the Apple-Adobe relationship is maybe not as bad as you made it out.

However, it is good to know that these things get addressed by Apple, even if they could be a bit speedier sometimes...
(time to close this thread :))

Yes, and each of these that have exploits available are related to the same issue with Flash-embedded PDFs, which is not going to affect any Macintosh user unless they've gone out of their way to perversify their system. Any user that has used command-line hacks to change the PDF handling in Safari is capable of being responsible for their own security updates. This should get corrected, but the urgency is very, very low.
Excuse me? I haven't done any command line hacking and yet PDF's are opened by Safari in the browser by default.

Average Joe user might even check his Safari Preferences – good for him – to find what again? Right. Not a single setting about file associations can be found there! So how do we fix this?

I suppose the Flash update wasn't included in the 10A432 release because it was released too late. The kernel was done the following day, on the 31st. Apple probably didn't have enough time to include the update to make the August 28th release date.

All the people bashing Apple on this are obviously not people that do their research at all. Do you know that the suspected gold master was suggested on August 11th and that the last Flash Player update was July 30th?. How long do you think it takes to ramp up a batch of pressed disks and get them ready for distribution? I suspect that Apple decided gold master version before the 30th to ensure that they can make shipment when they wanted. Do you think they are going to call up the disk manufacturer and say "oh adobe released an update so scrap all the disks you already made and heres a new one with the adobe update"? If Apple were to revise the disks every time a company updated if they were including a plugin in the installer the installer would never come.

The correct issue is why does Adobe not have an update in their software to automatically check to ensure its the most updated version. Firefox, Flip4Mac and hell even small plugins for ps3 media sharing update on my system automatically as new versions are found. Perhaps instead of bashing Apple for having to go to pressing with what was available at the time and not wasting money to update a third party plugin you should be sending emails to Adobe with questions as to why they can't write a simple version check into their app and have it update automatically?

Oh and for the love of god it is ADOBE Flashplayer not Macromedia as Adobe bought them out. If you are bitching about this and don't even know that a different company is providing this software you obviously have not been overly concerned about upgrades in the last three or four years. And I sincerely doubt this is some attempt to bash Adobe on Apple's part, since there would be no benefit to it. Apple might not think Flash is that important these days but Adobe is a big developer of software Mac users use and pushing them away would be of no value.

Interesting.

My Flash player was not downgraded after I installed Snow Leopard. I used the 'double check' button on the original post and my Flash version is listed as up to date. :confused:

Installing ClickToFlash (http://rentzsch.github.com/clicktoflash/) has probably been a better upgrade for me so far than SnowLeopard!*

Well I don't know about that but ClickToFlash is a revelation, thanks!

This is unpossible!!! Stop Lying!! Snow Leopard is Teh Secure!

Same here. Can somebody enlighten me how I can find out what flash-version is installed on my Mac?

Visit this page: http://www.adobe.com/software/flash/about/

Flash is a nightmare, regardless of what version, on OSX. Installing ClickToFlash (http://rentzsch.github.com/clicktoflash/) has probably been a better upgrade for me so far than SnowLeopard!* No more do I see Safari with about 20 tabs open hogging a ridiculous amount of CPU cycles, as all the awful Flash elements in sites I don't want anyway are now blocked. I've also set it to use h.264 for Youtube, but the beta (which is the only version that works on SL) seems to autoload videos now. I'm sure that didn't happen on the stable/10.5

Adobe need to take a leaf out of Apple's book and make CS5 a '0 new features' release at a minimum cost, and give OSX users a decent release of their software. Everything about CS4, even the installer, feels like a PC port. Apple users have been huge supporters of Adobe through the years and deserve some better treatment. Flash is only the (awful) tip of a (huge) iceberg. It's beyond me that some iPhone owners actually want this awful thing on their handsets...

* Not to put down SL in any terms, I thought it was a good update before I read the ARS Tech 23 page review, now I *know* it is! :)

Flash is .nice. on Windows, really nice. It sucks everything on OS X. Windows users buying iPhones want Flash. OS X users buying iPhones go crazy about CPU and battery and "OMG WE'RE ALL GOING TO DIE!"

:)

Flash makes my laptop run hot as hell - I use this no-flash plugin. Best policy.

Top post>>

bad luck. use CS1. clean out MSN apps. wise up;

And of course, you've done exhaustive testing to discover that Snow Leopard is the cause of these problems.

Get real, kid. :rolleyes:

What a tool you are. It's quite obvious that if someone had none of these problems, then did the SL upgrade and then had all of these problems ... hmmm, perchance SL had something to do with it. I mean it's one thing to love Apple and their products, but to be a ridiculous apologist who is incapable of reality is condemnable. This Flash issue ss the perfect example. Yeah, people should upgrade their stuff. But when people do, then an OS upgrade retrogrades it without notice, that's Apple's fault, not the end user. Take your own advice and ... get real, sport.

I farted at Walmart.

Yes, it works fine (on Firefox anyway).Well I like using Safari on OS X and FireFox on Windows.

I've been using FireFox under OS X since it doesn't beachball under Snow Leopard as often.

Well I don't know about that but ClickToFlash is a revelation, thanks!

Hehe, it's why I put the * in ;) Flash is my biggest pain in the ass, and CTF got rid of it (to a degree) so I have to throw it big props.

Flash is .nice. on Windows, really nice.

Eh, I don't agree. Flash is bearable on Windows? Possibly. I wouldn't describe it, regardless of it's performance on any OS, as 'nice' though. I'm all about the XHTML/CSS/PHP/MySQL, sites full of Flash just tend to be wastes of time. Entertaining wastes of time, sure, but a waste of time nonetheless (and the navigation systems are often a nightmare). I'm hoping HTML5s video embedding by default will catch on within the next 5 years.

Checking time machine backups show I was previously running Flash version 10.0.22.something on Leopard (I can't be bothered restoring to check exact version, just did a quick get info on the file).

So Snow Leopard actually updated the player.

Going back further shows different flash versions so it does obviously get updated from time to time, perhaps with Safari updates.

I've never updated manually, never even thought about it. Flash gets on my wick so I install ad block, no script on Firefox and now click to flash for Safari.

I will update now though!

This is something that I am curious about as well. If flash doesn't popup with a notfication that there is a newer version then how many users actually upgraded to the latest version?

I upgraded in Leopard, in order to get ready for our ESPN Fantasy Football league. Then I installed Snow Leopard last Friday. On Saturday, I lost out on my first pick because I could not click on anything on the draft board. I had to log in to my Windows laptop to finish the draft, because I didn't have the time to troubleshoot. Now it makes more sense as to what the problem was.

Grrrreeaaaaaat...........I upgraded and now any site with flash just freezes Safari. :rolleyes:

Now what? :confused:

You people don't get it.

We're not talking about a system update deciding to downgrade some third-party software. That would, indeed, suck.

We're talking about an OS REINSTALL. News flash, when you reinstall your OS, software that is bundled with the OS (like, say, browser plugins) overwrites the other version. If you've upgraded CUPS to the latest HEAD version on your system, installing a NEW OS is going to overwrite it.

What part of "Operating System installation" do people not understand? If you want to be sure that you're really, truly, only touching the OS and not the usual, tangentially-attached software, it's YOUR responsibility to do so by not blindly choosing the default install.

This is so moronic, even for the internet, that I'm sort of flabbergasted.

+1000

damn, people bitch about everything, depending on timing, dvd's might have been in the middle of being pressed anyway...

Ummmm, no. Flash is a horrible resource hog on all platforms, but it's exacerbated even further in OS X.

It's easy to discover those who can't maintain their computers by the amount they whine about Flash as a "resource hog." :rolleyes: Seriously, if Flash is really tanking your computer, you have some other serious problems going on with it.


I'll be getting Snow Leopard for free, but the disc is going to sit on my desk for a while until a lot of the problems are fixed. It's always best to wait a bit.

How can I go back to the previous version that worked?

It's easy to discover those who can't maintain their computers by the amount they whine about Flash as a "resource hog." :rolleyes: Seriously, if Flash is really tanking your computer, you have some other serious problems going on with it.What other serious problems? Flash playback is miserable in general but it is the worst under OS X. I've seen threads elsewhere complaining about the terrible bundled Flash plug-in with Snow Leopard before this security issue popped into the spotlight.

Let me ask you this: How could they possibly automatically update software that doesn't even seem to have a mechanism for updating itself?

Microsoft seem to manage it. I've had Windows/Microsoft update push critical flash fixes at me before.

In either case, if Apple update the flash player regardless of your wishes they have assumed responsibility for it. You/They can't have it both ways.

Microsoft seem to manage it. I've had Windows/Microsoft update push critical flash fixes at me before.

In either case, if Apple update the flash player regardless of your wishes they have assumed responsibility for it. You/They can't have it both ways.

Apple updates the installed Flash versions via their Software Updates.

See here: http://support.apple.com/kb/HT3549

They just have to issue the latest fixes...

I guess I'm the only one who always updates these kinds of things? I thought this was a given. But no, I guess people are too lazy to even bother updating a simple piece of software that they probably use daily.


Oh, wait, what am I saying? Oh Apple, how dare you! Grrr :rolleyes:

What a tool you are. It's quite obvious that if someone had none of these problems, then did the SL upgrade and then had all of these problems ... hmmm, perchance SL had something to do with it. I mean it's one thing to love Apple and their products, but to be a ridiculous apologist who is incapable of reality is condemnable. This Flash issue ss the perfect example. Yeah, people should upgrade their stuff. But when people do, then an OS upgrade retrogrades it without notice, that's Apple's fault, not the end user. Take your own advice and ... get real, sport.

Read it again, Reading Comprehension Man. They didn't upgrade. It's a new, totally different system. Sorry.

And nobody is blaming the end user. A sensible person blames Adobe, who doesn't provide modern update facilities for software that is internet-exposed to critical vulnerabilities.

Excuse me? I haven't done any command line hacking and yet PDF's are opened by Safari in the browser by default.

Average Joe user might even check his Safari Preferences – good for him – to find what again? Right. Not a single setting about file associations can be found there! So how do we fix this?

They're opened by the Preview engine. You have to change binary plist files in order to get them to be opened by the vulnerable Flash or Acrobat Reader engines.

Microsoft seem to manage it. I've had Windows/Microsoft update push critical flash fixes at me before.

In either case, if Apple update the flash player regardless of your wishes they have assumed responsibility for it. You/They can't have it both ways.

Well, as has been pointed out now I was wrong that they don't push Flash updates. Adobe seems to have an agreement to let them do so, though it seems to be only in the case of critical security fixes--not general updates--and in this instance they have. So, there ya go. Problem solved.

Absolutely not. I purchased it along with a brand new Mac Pro. I was using Leopard for about a week until Snow came in. Nothing but beauty from Leopard, with Snow- nothing but problems.
-cannot access PowerPoint
-shuts down randomly and restarts
-cannot link with Network server adequately
-Illustrator does this weird graphics thing if I nudge an item

Individually nothing serious, but overall, sucks ass. DO NOT BUY SNOW LEOPARD.
At least til they figure out their issues.


Funny how I have all those programs too and this doesn't happen with my version of Snow Leopard. Hmm. I must have a defective installation, because somehow everything works quite beautifully. :rolleyes:

They're opened by the Preview engine. You have to change binary plist files in order to get them to be opened by the vulnerable Flash or Acrobat Reader engines.

Not true. When you install Acrobat it installs a plug-in that causes Safari to open PDFs in an Acrobat environment.

What other serious problems? Flash playback is miserable in general but it is the worst under OS X. I've seen threads elsewhere complaining about the terrible bundled Flash plug-in with Snow Leopard before this security issue popped into the spotlight.

And that's Adobe's fault? C'mon..

I will say this, however: Flash does not play well with Safari. Actually, media in general doesn't run well in Safari!! I've had no problems or performance issues using Flash in Firefox running on OS X. I also develop Flash applications on this system, and still no problems. I honestly don't know what people are complaining about or why their computers run poorly.

Not true. When you install Acrobat it installs a plug-in that causes Safari to open PDFs in an Acrobat environment.

Why the heck would you want to install Acrobat anyway on OS X?

Disappointing to find out that OS X installs Flash in the first place.

Is there a way to uninstall it?

Why the heck would you want to install Acrobat anyway on OS X?

Adobe Acrobat Pro can do a lot more than Preview. And Acrobat is installed with CS4.

Why is that installed?

Why is that installed?

Because you installed it...

If a user doesn't realize that re-installing their OS will, well, re-install the OS (back to a certain tested baseline), then their own absurd expectations (that they would never have in any other area of their life, where common sense tends to kick in more often) are reprehensible.

I disagree. It's not absurd to expect to have software as you had it before install. and if it's downgraded without warning, the user should be notified of the general risk.

Youre basically asserting that if I install SL and have CS3 installed on leopard, I should assume that all the updates Adobe has pushed over the last year have been removed? :confused:

It's not like Apple is some stupid company that didn't know how to check if your Mac is running certain versions of Flash or any other software. Apple obviously did this for a reason.


it's part of Steve's evil plot to take over the world.

Yep, Apple f'd this one up.

What is so hard to understand?
They ship it as part of their OS. So it stops beeing a third-party, user-responsible tool.

They should update it with the rest of the OS update procedure. End of sentence!

a thought to ponder.

okay so Apple gets permission from a 3rd party to include said company's product with their software.

all well and good

but how did Apple get said software in order to include it. they had to be given it by the company.

and if the company releases a new version and doesn't give it to Apple to update their installers what can Apple do. yes it would have been better if there was a way to test if someone had a newer version and leave it alone. something that is likely to be fixed in the upcoming 10.6.1.

but then again, how many folks here were on the quick list to try for a clean install anyway. And the folks that didn't or couldn't are the geek types that double check versions etc. cause that's just how they are.

So can you please enlighten me why Apple is able to issue Java updates and not Flash-updates as part of their Software-Update procedure?

at least some flavors of Java, perhaps including the one that Apple uses, are open source. None of flash is.



I would also be grateful for any information from Apples EULA that tells me that I have to update Flash myself,

from the Leopard EULA which is likely identical to the SL one
"E. Apple has provided, as part of the Apple Software package, access to certain third party software as a convenience. To the extent that the Apple Software contains thirdparty software, Apple has no express or implied obligation to provide any technical or other support for such software. Please contact the appropriate software vendor ormanufacturer directly for technical support and customer service related to its software and products"

Why are people upset that Apple didn't put the newest Flash Player into SL right before it was pressed and delivered? It's not like they printed it the same day you bought it. Next someone will be upset that iWork needs an update and "they just installed it, why isn't it the new one!?" :rolleyes:

Sophos, who wrote the inflammatory press release quoted at the top here, have a vested interest in making it sound awful even though there is not a single reported instance of this hitting a user in the wild. Why? They're trying to sell security products to businesses.

yep. right up with Intego being the ones to diss the very not at all advertised built in malware as being shoddy cause it only detects 2 pieces of malware (out of the 3 pieces out there for a Mac) and mislabeled one of them as variant A when it was really variant B.

Man, what a lot of post-age over so little.

This is just a little release conflict between Apple and Adobe. Adobe happened to release a new version of Flash Player after the cut-off for inclusion in SL. Did you want Apple to push back the release date of SL

So anyone who dilligently updates their Flash Player will go one step back when they install SL...

Big deal :rolleyes:

Presumably, dilligent updaters will remain true-to-form and dilligently re-update Flash Player shortly.

Summary: two steps forward, one step back, one step forward again == no big deal

And that's Adobe's fault? C'mon..

I will say this, however: Flash does not play well with Safari. Actually, media in general doesn't run well in Safari!! I've had no problems or performance issues using Flash in Firefox running on OS X. I also develop Flash applications on this system, and still no problems. I honestly don't know what people are complaining about or why their computers run poorly.I can't run Hulu fullscreen under OS X even with the latest plug-in. I have to boot into Windows 7 for that and it works just fine. It's still eating plenty of CPU time but it is full playback speed. Silverlight is better under OS X for video.

I've had to do damage control on other sites about the default plug-in in Snow Leopard being an older version. I got spammed with Activity Monitor CPU% screen shots and complaints about Apple, Adobe, Flash, etc.

No, it's lies. OSX is not vulnerable to anything anytime anywhere. Those commercials said it's PCs and windows that's vulnerable to stuff like that. C'mmon people, we're talking Apple. AAAPPPPLLLLEEE. Vulnerability? It doesn't exist!

Is anyone else who upgraded Flash dealing with this?????

Now safari semi-crashes when I go to print....seconds after installing the current Flash update????

I installed the flash update yesterday. I just printed this page. My Canon printer appeared in the print box and its driver was auto loaded. The page was loaded, the printer did its job (in greyscale, no sense using color for a test), and that's that. Total time including loading the driver and printing...maybe 2 minutes. Wirelessly as the printer is connected to my TC.

As for SL, everything is faster, much faster on my 1st gen MBAir. And with only an 80G hd I gained 10 G! Yes, 10 additional GB. My machine went from 30 available G's to over 40. Startup and shut down and reboots are about half the previous times. I couldn't be happier, especially as my wife received the recent purchaser SL upgrade disc for $10. Arrived Monday.

Such A Deal!

The 3rd party software on Snow Leopard seems a little out of date, the nVidia and ATi drivers are from early July.

Every install of Windows I've done has included Flash, but I'll admit that I haven't installed every variety of every version of Windows (and haven't touched 7 at all yet).

The Microsoft kits do not include Flash. An OEM Windows kit can include Flash in the bundle of bloatware that the OEM adds.

Most websites that need flash will launch a popup to install the Flash ActiveX control, so the Flash malware will be installed if the user clicks OK.

It disgusts me how people can defend Apple over this.

Not only is this OLD version of Flash vulnerable, it happens to perform worse too.

There's absolutely no excuse for an upgrade replacing software with versions that have security issues.

People need to admit that Apple isn't perfect.

Mine was out of date as well, Apple needs to be more responsible and let us know if something in SL is out of date :mad:.

Not only is this OLD version of Flash vulnerable, it happens to perform worse too.

There's absolutely no excuse for an upgrade replacing software with versions that have security issues.

It's difficult to run something as complicated as an operating system through quality assurance - you have to pick a set of files (the OS build, plus other tools and 3rd party apps) from a point in time, and test those, and if the tests pan out you ship those.

Clearly an application change, even a security update, that occurs after that point in time is not included. (If the "point in time" snapshot doesn't include fixes that were published before the "point in time", then criticism is due.)

Look at it another way - what if tomorrow (2009/09/04) Adobe patches a critical security flaw in Flash.... What if you're running 10.5.999, and you patch your system from Adobe.... What if you upgrade to 10.6 next week.... Do you blame Apple for exposing you to a flaw that you've fixed on your system, even though that fix wasn't known when the DVDs were pressed?
______

The only potential for criticizing Apple is whether running software update immediately after upgrading the OS fixes the problem.

With the "continual improvement" philosophy in Windows Update, one expects to run Windows Update immediately after an install, and you expect that problems like this will be taken care of. (People who install Windows 7 on the October 22 launch will see a bunch of updates waiting....)

If Apple users have to wait for Apple to test and release 10.6.1 to fix a known vulnerability - well, that's not so good if they have to wait a long time to fix a problem....

Flash isn't installed by default in Windows, although if you visit a Flash site in Internet Explorer the installation is almost transparent. Some replies here seemed to assume that it was.

It's Apple's need to make everything "just work" that leads them to installing Flash by default, which to my mind leads to it being their responsibility to make sure its up to date, or at the very least warning the user when an update is required.

Come to think of it when an update is needed on Windows for Flash I get a warning, why doesn't the same happen on OSX? Is Adobe just being lazy?

Can't have everything your own way. 5% marketshare means little attention from developers.

The only potential for criticizing Apple is whether running software update immediately after upgrading the OS fixes the problem.

With the "continual improvement" philosophy in Windows Update, one expects to run Windows Update immediately after an install, and you expect that problems like this will be taken care of. (People who install Windows 7 on the October 22 launch will see a bunch of updates waiting....)

If Apple users have to wait for Apple to test and release 10.6.1 to fix a known vulnerability - well, that's not so good if they have to wait a long time to fix a problem....

Given that 10.6.1 will include the update, but is not out yet (and SL has now been out for a week - plus they've had a long time since the GM was published) I'd say the time has passed for Apple to claim any praise for a quick update. They could have put out a security update using Software Updater just to fix this problem, it would be small and quick (and I don't think it would have needed a reboot).

Microsoft has taken a cautious approach with both Windows 7 and Vista, leaving quite a long period of time between RTM and the release to the general public. The updates for Windows 7 so far have been to fix issues discovered since the RTM, not before it.

I think Mac OS X's biggest security weakness is Apple's attitude. They include a lot of different things with the OS, quite a few of them most users wont ever use, and then they're slow to update them. Look at the DNS issue a while ago. Everyone else shipped their updates quickly, but Apple doesn't see these 3rd party additions as a high priority, yet there's very little users can do themselves to keep secure. You can't manually install an update for the built-in JVM, because Apple makes it. Sure you can install a different JRE, but the Apple one is still there.

Frequently they leave security holes open, because they're slow to respond.

It disgusts me how people can defend Apple over this.

Not only is this OLD version of Flash vulnerable, it happens to perform worse too.

There's absolutely no excuse for an upgrade replacing software with versions that have security issues.

People need to admit that Apple isn't perfect.

Much agreed. The fanboys here and elsewhere need to realize that this particular OS has caused a lot of problems across the board, more than usual I think. This is the buggiest since the first release of OS X 10.0. For that very reason I stayed on OS 9.2.2 in those days. :D

I've read that brand new Mac Pros out of the box are having problems with Snow Leopard, which makes me feel a little bit better with my "antique" Mac Pro having the same problems. :p

I understand that feature sets got frozen and an older Flash plug-in made it in. It's just annoying that on DAY ONE we didn't have a security update addressing it.

I can imagine 10.6.1 discs are going to be pressed out very soon. Windows 7 isn't out to retail and it already has fixes waiting.

Given that 10.6.1 will include the update, but it is not out yet (and SL has now been out for a week - plus they've had a long time since the GM was published) I'd say the time has passed for Apple to claim any praise for a quick update. They could have put out a security update using Software Updater just to fix this problem, it would be small and quick (and I don't think it would have needed a reboot).

Microsoft has taken a cautious approach with both Windows 7 and Vista, leaving quite a long period of time between RTM and the release to the general public. The updates for Windows 7 so far have been to fix issues discovered since the RTM, not before it.

I think that we agree.

The issue isn't whether the bits on the 10.6 DVD contain applications with problems that are known today (or next week, or next month).

The issue is whether running Software Update immediately after running the 10.6 DVD fixes those known problems - or whether one needs to wait for fixes.

It seems like Microsoft has a better approach for this issue. (For example, Vista SP1 was a couple of dozen MB for people who were running Microsoft update, even thought the SP1 "combo update" was several hundred MB. Most of the fixes/improvements in SP1 had been pushed out long before SP1 was shipped.)


Windows 7 isn't out to retail and it already has fixes waiting.

Yes, but there are millions of people running Windows 7 now - far more than are running 10.6.... ;)

This is the buggiest since the first release of OS X 10.0.

Huh? You jest, this is one of the most stable major releases we've had since X hit the streets in Mar '01.

So how do we make sure that all our apps like flash are up to date because I used the apple software update and it didn't give me the new flash version??

Huh? You jest, this is one of the most stable major releases we've had since X hit the streets in Mar '01.

+1

Leopard had some stupid bugs in 10.5.0 (the usb file transfer one, for instance) and a bunch of annoying glitches. This has been much more pleasurable. I got my first mac with something like 10.4.6 which was fine. But I read about 10.4.0 being horrible when I was reading about 10.5.0's bugs...

Huh? You jest, this is one of the most stable major releases we've had since X hit the streets in Mar '01.

Based on what info ?

Based on what info ?

Surely the other argument is the one that came first and the one that needs evidencing...

In my view this is a minor issue as it's really up to the end user to ensure that they have the latest patched versions of third-party software.

I agree - this may be making a mountain out of a molehill.

Will Apple go back at some point and create a new distribution for the retail channel when issues like this happen or do they just rely on the update process?

Will Apple go back at some point and create a new distribution for the retail channel when issues like this happen or do they just rely on the update process?New discs with 10.6.1 or 10.6.2 will be pressed once those updates are out.

I believe we got up to 10.5.6 under Leopard for retail.

Does Windows include flash OOTB? I don't seem to recall that being the case. It has been a while since I have loaded Win7, but it appears to be updated with the latest version. I am not sure if that is due to the Adobe Updater that is installed or not. If it is then why isn't there a Mac version?
It does, for IE.

Are you sure about that?

I don't use IE, so I never installed Flash for it. But I tested
just now at the Flash version check page:

192503

Javascript is enabled. That is the 32-bit version of IE 8.

New discs with 10.6.1 or 10.6.2 will be pressed once those updates are out.

I believe we got up to 10.5.6 under Leopard for retail.

Actually.... (http://en.wikipedia.org/wiki/Mac_OS_X_v10.5#Version_history)

They only update the disks every few OS updates.

Actually.... (http://en.wikipedia.org/wiki/Mac_OS_X_v10.5#Version_history)

They only update the disks every few OS updates.Yeah they pressed new retail discs for 10.5.2 10.5.4, and 10.5.6. What of it?

I don't think the need for Apple to do it after 10.6.1 is that great.

If a user doesn't realize that re-installing their OS will, well, re-install the OS (back to a certain tested baseline), then their own absurd expectations (that they would never have in any other area of their life, where common sense tends to kick in more often) are reprehensible.

Flash is not part of the OS. It's an extra.

In my view this is a minor issue as it's really up to the end user to ensure that they have the latest patched versions of third-party software.

When the user has done so (ensuring they have the latest version) and some other installation package writes over that without informing you and without indication leaving you vulnerable, I'd say that was a major issue.

And of course, you've done exhaustive testing to discover that Snow Leopard is the cause of these problems.

Get real, kid. :rolleyes:

Didnt have the same problems under 10.5.8 so no matter where the cause lies, from this end users perspective, its what matters the most.

But it was Apple's job to DOWNGRADE your Flash player?

It's not like Apple is some stupid company that didn't know how to check if your Mac is running certain versions of Flash or any other software. Apple obviously did this for a reason.

How is snow Leopard? Is it worth the upgrade?
Yes, my MacBook Pro is significantly faster on everything (I timed stuff with Leopard too).
-Apps launch close to instantly (they allows took 4-6 bounces in Leopard).
-Faster Startup/Shutdown/Sleep/Wake
-Better response in apps

Snow Leopard was well worth $29; it's what Leopard should have been. Also, if you have Exchange- you NEED this.

Yes its like a Ferrari with a loose steering wheel. Got up to 100MPH real quick and crashed real hard... several times on all sorts of roads. I'm happy doing 60MPH getting where I need to go. Until that steering issue is fixed at least till then and a little longer. Precious cargo onboard.

Ugh, wtf? "The Snow Leopard Installer" didn't do it. The user did it. If you don't expect that an OS reinstall will set the software that it includes to a certain tested baseline that in some cases may be a "downgrade" from certain of your most recent updates... well, that's sad for you, but it's YOUR PROBLEM. You installed it, and you unfortunately have totally unreasonable expectations.

It'd be nice if the Flash plugin were sane like every other internet software in existence and took responsibility for its own security updates, but since it doesn't, your beef is with Adobe. Not Apple.

And every installation of Windows, along with every other OS ever made in history, does this. Sorry to break it to you. It's just a fact of life until someone comes up with something better.

Were we not 'expecting something better'?

Ugh, wtf? "The Snow Leopard Installer" didn't do it. The user did it. If you don't expect that an OS reinstall will set the software that it includes to a certain tested baseline that in some cases may be a "downgrade" from certain of your most recent updates... well, that's sad for you, but it's YOUR PROBLEM. You installed it, and you unfortunately have totally unreasonable expectations. ...

So just to try to understand your point on this... Given the above reasoning; In the event there was a security vulnerability within the encryption process communication of a browser when doing internet banking for example, is the user to blame for using his/her computer to be doing banking activities with the computer... or the party responsible for ensuring security in its communication structures?

...and how would disclaimers / agreements as well as 'paid for' services relate to those variables?

BTW I do understand your point and it may hold some validity especially when I do consider that when re-installing your OS after some time and many updates have been issued, the user would then of course still be responsible for updating their system (including third party applications) to the latest versions. I suppose thats where the disclaimers / user license agreements come into the picture!?

I (http://www.blogigo.com/xndbeig/How-to-make-money-in-eq2/8/) didn't realize that my flash player does not (http://zpdhjen.blogpico.com/2009/05/22/how-to-make-money-in-eq2/) update itself

You have been reported for consistently spamming in all of your posts.

Get lost.

Flash is not part of the OS. It's an extra.

Perhaps there is a fine line of considering it part of the OS or not if and when its not an option during installation!?

Absolutely not. I purchased it along with a brand new Mac Pro. I was using Leopard for about a week until Snow came in. Nothing but beauty from Leopard, with Snow- nothing but problems.
-cannot access PowerPoint
-shuts down randomly and restarts
-cannot link with Network server adequately
-Illustrator does this weird graphics thing if I nudge an item

Individually nothing serious, but overall, sucks ass. DO NOT BUY SNOW LEOPARD.
At least til they figure out their issues.

Are you in the US? I bought a MBP on release day and Snow Leopard came in the box, with my Mac, for free. And I haven't had any of the problems you report. No random shut down/restarts, my wireless networking is working fin, Illustrator working fine, etc. I don't know about PP because I haven't any reason to mess with it.