Any exploits in the wild for this, or is this just a security "hole" that is being closed? Basically, does anyone need to worried that they have been compromised?
I'm curious about this, too.
I believe every single one of the Java/Flash updates in 2012 and 2013 have happened when 0-day exploits were identified in the wild. If you wish to stay current on the malware exploits, you can watch the
Security Now! podcast weekly. You can also peruse the
archive of transcripts from this week's show back to August 19, 2005. Steve has all the shows professionally transcribed a day or two after recording; this is a tremendous service that he provides to the community.
Apple has had the mechanism to instantly disable malware for several versions of the OS (I see references back to at least Snow Leopard). Updates to that plist file allow "sleeper" malware that has been widely deployed to be instantly disabled. The thing that's changed recently is Apple's use of this mechanism to turn off Flash and Java when 0-day threats are identified. Exploits through Flash and Java are, AFAICT, the two greatest risks to Mac users today; I'm grateful for Apple's closing the loop here.
The complaints that Apple is "taking over" machines is nonsense. Anyone with admin privileges on a Mac can turn off this mechanism in their security settings. Apple has provided a great mechanism to secure their computers, they are actively using it, and they even provide a simple means for those not wanting to use it to turn it off. None of the complainers here show understanding of how that mechanism works.
criticizes the late Steve Jobs by not allowing flash in some Apple devices. Time appears to show that was a sound decission: Resource hog, malware, bogging down hardware, privacy concerns and so on.....
If Apple hadn't drawn that line in the sand with the iPhone back in 2007, imagine how much worse the malware problem would be today.
That is a pity, because Flash is a very useful tech
The
idea of Flash was wonderful, but Flash never ever executed on its promise. Those tactical and strategic failures of Flash were spelled out in Jobs's 2010
Thoughts on Flash memo. The note provides a rare historical insight into why Apple abandoned a particular technology. IMHO, I think Apple did a tremendous service to the Internet community as a whole by drawing this line in the sand.
I think we're getting pretty close to getting directives from the DHS for websites to drop Flash/Java. I do not like that kind of government intervention, but it is time to remove these sources of infection from mainstream websites. I am rather astonished that Google has failed to take the lead and make their services Flash-free.