Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Mar 1, 2013, 01:58 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Apple Updates Anti-Malware Software to Block Older Versions of Adobe Flash Player Plug-in




As noted by Jim Dalrymple of The Loop, Apple today updated its malware definition file "Xprotect.plist" to block older versions of Adobe Flash Player in Safari. Versions of Flash that come before the latest 11.6.602.171 update will be automatically blacklisted.

Quote:
To help protect users from a recent vulnerability, Apple has updated the web plug-in-blocking mechanism to disable older versions of the web plug-in: Adobe Flash Player
The ban comes after a security bulletin issued by Adobe earlier this week, covering three different vulnerabilities and recommending an update to the newest version of Flash.

In recent weeks, Apple has aggressively used its anti-malware tools to enforce minimum plug-in versions in light of security issues affecting the software. Recent blocks have included a previous Flash Player update enforcement in early February, and several blocks of Oracle's Java 7 Web plug-in earlier this year.

Article Link: Apple Updates Anti-Malware Software to Block Older Versions of Adobe Flash Player Plug-in
MacRumors is offline   1 Reply With Quote
Old Mar 1, 2013, 02:03 PM   #2
Yvan256
macrumors 601
 
Yvan256's Avatar
 
Join Date: Jul 2004
Location: Canada
The safest way is still to uncheck the "Enable plug-ins" and "Enable Java" options in Safari.
Yvan256 is offline   4 Reply With Quote
Old Mar 1, 2013, 02:06 PM   #3
tigres
macrumors 68040
 
tigres's Avatar
 
Join Date: Aug 2007
Location: Land of the Free-Waiting for Term Limits
Quote:
Originally Posted by Yvan256 View Post
The safest way is still to uncheck the "Enable plug-ins" and "Enable Java" options in Safari.
uNless you actually need java, like some people- myself included.
__________________
Quicker than two shakes of a lambs tail
tigres is offline   3 Reply With Quote
Old Mar 1, 2013, 02:08 PM   #4
dwhittington
macrumors regular
 
Join Date: Mar 2007
Location: Houston, TX
Quote:
Originally Posted by tigres View Post
uNless you actually need java, like some people- myself included.
Agreed. Same here.
__________________
-David

Think 8-bit.
dwhittington is offline   0 Reply With Quote
Old Mar 1, 2013, 02:16 PM   #5
SirYossi
macrumors member
 
Join Date: Jan 2012
Location: Penfield
Another Reason why Jobs was against Flash

Quote:
Originally Posted by MacRumors View Post
Image


As noted by Jim Dalrymple of The Loop, Apple today updated its malware definition file "Xprotect.plist" to block older versions of Adobe Flash Player in Safari. Versions of Flash that come before the latest 11.6.602.171 update will be automatically blacklisted.

The ban comes after a security bulletin issued by Adobe earlier this week, covering three different vulnerabilities and recommending an update to the newest version of Flash.

In recent weeks, Apple has aggressively used its anti-malware tools to enforce minimum plug-in versions in light of security issues affecting the software. Recent blocks have included a previous Flash Player update enforcement in early February, and several blocks of Oracle's Java 7 Web plug-in earlier this year.

Article Link: Apple Updates Anti-Malware Software to Block Older Versions of Adobe Flash Player Plug-in
just wish flash would just go away ti is always crashing the web and is a damm memory hog.
SirYossi is offline   0 Reply With Quote
Old Mar 1, 2013, 02:26 PM   #6
nagromme
macrumors G4
 
nagromme's Avatar
 
Join Date: May 2002
Flash I still need... sometimes. ClickToFlash Safari extension to the rescue!

Java (at least in the browser where it's a problem) I don't need ever.

Security holes... I also don't need ever.

I like this peace of mind. Apple's system means I will be secure without having to think about it. And if I ever REALLY want to use an older, insecure Flash, I have Firefox or Chrome to fall back on.
nagromme is offline   3 Reply With Quote
Old Mar 1, 2013, 02:31 PM   #7
Moonjumper
macrumors 65816
 
Join Date: Jun 2009
Location: Lincoln, UK
Blocking by default is OK, but I wish it still allowed me to make an exception. I didn't have time to update Flash this morning, but I wanted to watch a short video on the BBC website, but couldn't because it had been blocked.

I'm used to Gmail hiding the content of a suspicious email, but it still allows me the option to view it. This should be the behaviour regarding the plugin.
Moonjumper is offline   0 Reply With Quote
Old Mar 1, 2013, 02:35 PM   #8
FloatingBones
macrumors 65816
 
FloatingBones's Avatar
 
Join Date: Jul 2006
Quote:
Originally Posted by tigres View Post
uNless you actually need java, like some people- myself included.
Quote:
Originally Posted by dwhittington View Post
Agreed. Same here.
What application are you running that computationally requires Java in the browser in order to run?

What are you doing to convey to the software vendor that it is urgent to upgrade their service to eliminate the need for Java in the browser?
FloatingBones is offline   5 Reply With Quote
Old Mar 1, 2013, 02:46 PM   #9
tigres
macrumors 68040
 
tigres's Avatar
 
Join Date: Aug 2007
Location: Land of the Free-Waiting for Term Limits
Quote:
Originally Posted by FloatingBones View Post
What application are you running that computationally requires Java in the browser in order to run?

What are you doing to convey to the software vendor that it is urgent to upgrade their service to eliminate the need for Java in the browser?
Banking.
Finance.

80% of our sites use it.
__________________
Quicker than two shakes of a lambs tail
tigres is offline   1 Reply With Quote
Old Mar 1, 2013, 02:52 PM   #10
iMikeT
macrumors 68020
 
Join Date: Jul 2006
Location: California
Welcome to yesterday MacRumors.
iMikeT is offline   0 Reply With Quote
Old Mar 1, 2013, 02:56 PM   #11
FloatingBones
macrumors 65816
 
FloatingBones's Avatar
 
Join Date: Jul 2006
Quote:
Originally Posted by tigres View Post
Quote:
Originally Posted by FloatingBones View Post
What application are you running that computationally requires Java in the browser in order to run?
Banking.
Finance.
You don't understand the question. I'll rephrase: what is it about banking and finance that requires the computation be performed with Java in the browser?

As far as we can tell, it's simply a matter of complacency and laziness that is leaving your site with the risky implementation. You seem to not realize: apathy by businesses like yours is what is keeping this problem in place.

Are you perhaps hoping that Java will someday be secure?
FloatingBones is offline   4 Reply With Quote
Old Mar 1, 2013, 03:04 PM   #12
mohawkapple
macrumors newbie
 
Join Date: Feb 2013
Location: k-town
what exactly is java used for? I'm new to mac's also and not really sure how to enable or disable java lol
i do have flash player running on my mbp
thanks
__________________
go #88 go
mohawkapple is offline   0 Reply With Quote
Old Mar 1, 2013, 03:05 PM   #13
DShap5
macrumors 6502a
 
DShap5's Avatar
 
Join Date: Dec 2012
Location: California
Adobe FlashPlayer has been a pain lately.
DShap5 is offline   0 Reply With Quote
Old Mar 1, 2013, 03:17 PM   #14
Amazing Iceman
macrumors 68020
 
Amazing Iceman's Avatar
 
Join Date: Nov 2008
Location: Florida, U.S.A.
If it wasn't for a handful of sites I need to access that still require Flash, I would have already got rid of it. Same would apply to JAVA.
I really hope all sites start supporting HTML5/CSS3 soon.

----------

Quote:
Originally Posted by mohawkapple View Post
what exactly is java used for? I'm new to mac's also and not really sure how to enable or disable java lol
i do have flash player running on my mbp
thanks
Well, it doesn't come preloaded with your MAC, so unless you manually installed it, you don't have it. Hopefully you may never need it.
Java is not the same as JavaScript, which is supported by Safari. No need to worry about JavaScript.
__________________
17" MacBook Pro (2007) iPad Air WiFi+Cell 128 GB iPhone 5s 64 GB T-Mobile AppleTV 2
Follow @AmazingIceman for useful tech info and more (mention MacRumors).
Amazing Iceman is offline   0 Reply With Quote
Old Mar 1, 2013, 03:21 PM   #15
podlasek
macrumors newbie
 
Join Date: Feb 2008
Location: USA
Quote:
Originally Posted by FloatingBones View Post
You don't understand the question. I'll rephrase: what is it about banking and finance that requires the computation be performed with Java in the browser?

As far as we can tell, it's simply a matter of complacency and laziness that is leaving your site with the risky implementation. You seem to not realize: apathy by businesses like yours is what is keeping this problem in place.

Are you perhaps hoping that Java will someday be secure?
WOW, What world do you live in? In the world of Enterprise software specifically the latest version of Oracle Financials, Java is required for the system to function within the browser. During this time, we had to shut off Internet access for our users in order to ensure they would not be breached and could continue to do most of their job functions.
__________________
podlasek is offline   3 Reply With Quote
Old Mar 1, 2013, 03:30 PM   #16
lifeinhd
macrumors 65816
 
lifeinhd's Avatar
 
Join Date: Mar 2008
Location: 127.0.0.1
Quote:
Originally Posted by FloatingBones View Post
What application are you running that computationally requires Java in the browser in order to run?

What are you doing to convey to the software vendor that it is urgent to upgrade their service to eliminate the need for Java in the browser?
I had a client who called me the other week because the site she used to manage her real estate would no longer work on her Mac. Turns out it used Java, and Apple had disabled Java earlier that day.

You can argue all day long that Java/Flash/plugins shouldn't be necessary, but it doesn't change the fact that remotely disabling stuff with no opt-out or even warning is NOT okay.
__________________
PowerBook G5, 1.67GHz MacBook Pro, iPhone Nano, iPhone 6, Apple Television Set
lifeinhd is offline   7 Reply With Quote
Old Mar 1, 2013, 03:59 PM   #17
Jaymes
macrumors member
 
Join Date: Nov 2007
Quote:
Originally Posted by FloatingBones View Post
What application are you running that computationally requires Java in the browser in order to run?

What are you doing to convey to the software vendor that it is urgent to upgrade their service to eliminate the need for Java in the browser?
Have you ever worked in an enterprise environment? Java is widespread, because it is cross-platform. You only have to right software once, and it will work on Mac, Windows, mobile phone, an ATM, whatever. That's part of the reason people try to compromise it so often.

Unless Oracle somehow self-destructs, Java isn't going away anytime soon. Heck, even CrashPlan Pro (the supposed gold standard in Mac backup that Apple uses on 27,000 of its campus computers) uses a Java client to run. That's right - read it: Apple uses Java on nearly every desktop computer on their campus.
Jaymes is offline   4 Reply With Quote
Old Mar 1, 2013, 04:33 PM   #18
oneofakind
macrumors newbie
 
Join Date: May 2012
Location: Sacramento
Send a message via Skype™ to oneofakind
At least someone tried to protect their users more than others. *Cough*Microsoft*Cough
oneofakind is offline   0 Reply With Quote
Old Mar 1, 2013, 05:32 PM   #19
a.gomez
macrumors 6502
 
Join Date: Oct 2008
I guess the few people who still use Safari on a computer will get a pop up soon. This thing should go and join Ping
__________________
30 Cinema display, VAIO Z i7-QM MacPro 8Core 2.4Xeon Vaio Flip 15 i7
a.gomez is offline   0 Reply With Quote
Old Mar 1, 2013, 05:33 PM   #20
tigres
macrumors 68040
 
tigres's Avatar
 
Join Date: Aug 2007
Location: Land of the Free-Waiting for Term Limits
Quote:
Originally Posted by FloatingBones View Post
You don't understand the question. I'll rephrase: what is it about banking and finance that requires the computation be performed with Java in the browser?

As far as we can tell, it's simply a matter of complacency and laziness that is leaving your site with the risky implementation. You seem to not realize: apathy by businesses like yours is what is keeping this problem in place.

Are you perhaps hoping that Java will someday be secure?
Hmmm.

Ok I will convey your ideas to all the banking sites I use for my daily job.
Maybe they will listen, and pull in the it departments over the weekend and rebuild their respective sites.

__________________
Quicker than two shakes of a lambs tail
tigres is offline   1 Reply With Quote
Old Mar 1, 2013, 05:41 PM   #21
coolfactor
macrumors 65816
 
Join Date: Jul 2002
Location: Vancouver, BC CANADA
I use Safari as my preferred browser, but I have Chrome set as the default so if I click any links from other applications, they open into Chrome. And if I ever need to view Flash content, I open it in Chrome. It's a simple copy-and-paste of the URL from the Safari address bar into Chrome. Simple.

----------

Quote:
Originally Posted by a.gomez View Post
I guess the few people who still use Safari on a computer will get a pop up soon. This thing should go and join Ping
I still prefer Safari's "feel" over all other browsers that I use, and I use Safari, Chrome, Opera and Firefox on a near-daily basis. They all have their place.
coolfactor is offline   1 Reply With Quote
Old Mar 1, 2013, 05:50 PM   #22
andrewm
macrumors regular
 
Join Date: Apr 2004
Quote:
Originally Posted by Jaymes View Post
Have you ever worked in an enterprise environment? Java is widespread, because it is cross-platform. You only have to right software once, and it will work on Mac, Windows, mobile phone, an ATM, whatever. That's part of the reason people try to compromise it so often.

Unless Oracle somehow self-destructs, Java isn't going away anytime soon. Heck, even CrashPlan Pro (the supposed gold standard in Mac backup that Apple uses on 27,000 of its campus computers) uses a Java client to run. That's right - read it: Apple uses Java on nearly every desktop computer on their campus.
No, Java isn't going away. I don't think that Java itself is the problem, but rather the "sandbox" that can be broken-out-of on client operating systems. These systems don't get the latest patches when they need it most. I have relatives who don't know what Java is, who don't know how to disable it even if they do, and certainly don't give half a care if some software they can't identify is kept up-to-date.

I also suspect that Apple have a vested interest in preventing Macs from joining the millions of Windows PCs the world over that are unknowing members of criminal botnets. Maybe a point of pride.

This stream of issues isn't necessarily about these standalone apps. It is rather more focused upon applets that run within a Web browser. CrashPlan isn't (at least to my knowledge?) built as a browser applet. Even if it were to suffer technically from the same vulnerability, it might not be nearly as practical to exploit it.

When Java is enabled in the Web browser, that browser becomes a potential "open window" on to the operating system for anyone able to exploit such a vulnerability.

The "problem," as I see it, is applets, not Java standalone apps.

Organizations that require Java to be enabled in the browser are helping to keep this issue alive since going through the browser seems an increasingly-common central attack vector.

If Java simply didn't exist in the browser—if Applets were dead for good—people with apps that have Java dependencies (CyberDuck, CrashPlan, etc.) might not get locked out as often once something like this comes to light, as the level of risk, I feel, would likely be lower.
andrewm is offline   0 Reply With Quote
Old Mar 1, 2013, 05:54 PM   #23
Shrink
macrumors Demi-God
 
Shrink's Avatar
 
Join Date: Feb 2011
Location: New England, USA
Quote:
Originally Posted by a.gomez View Post
I guess the few people who still use Safari on a computer will get a pop up soon. This thing should go and join Ping
Yeah, all three of us. And , of course, if we're dumb enough to use Safari, we're also too dumb to know how to compute safely.

Speaking for the three of us using Safari...thanks so much for the suggestion to join Ping.
__________________
Two things are infinite, the universe and human stupidity; and I'm not sure about the universe. -- Albert Einstein
Shrink is offline   0 Reply With Quote
Old Mar 1, 2013, 06:04 PM   #24
mohawkapple
macrumors newbie
 
Join Date: Feb 2013
Location: k-town
Quote:
Originally Posted by Amazing Iceman View Post
If it wasn't for a handful of sites I need to access that still require Flash, I would have already got rid of it. Same would apply to JAVA.
I really hope all sites start supporting HTML5/CSS3 soon.

----------



Well, it doesn't come preloaded with your MAC, so unless you manually installed it, you don't have it. Hopefully you may never need it.
Java is not the same as JavaScript, which is supported by Safari. No need to worry about JavaScript.
Thanks for the info, how can I tell if I downloaded this java thing? I can't remember if I did or not lol
Sorry for the new be questions and thanks for any help
__________________
go #88 go
mohawkapple is offline   0 Reply With Quote
Old Mar 1, 2013, 06:25 PM   #25
samcraig
macrumors G5
 
Join Date: Jun 2009
Wait? People still use safari?

Buggiest browser I've ever used. Prefer Firefox and Chrome thanks.
samcraig is offline   0 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Apple Enforces Adobe Flash Player Security Upgrade with Updated Malware Definitions MacRumors Mac Blog Discussion 51 Feb 15, 2014 11:04 AM
Apple Updates OS X Anti-Malware Definitions to Block 'Yontoo' Adware MacRumors MacRumors.com News Discussion 66 Mar 26, 2013 08:22 AM
Adobe Releases Flash Player Update to Patch Security Holes as Apple Blocks Earlier Versions MacRumors MacRumors.com News Discussion 162 Feb 15, 2013 09:48 PM
Imac flash player plug in crash Reefdiver iMac 3 Sep 19, 2012 10:42 AM
Flash Player plug in crash ttennebk OS X 2 Jul 26, 2012 09:57 PM

Forum Jump

All times are GMT -5. The time now is 05:12 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC