Adobe Releases Flash Player Update to Patch Security Holes as Apple Blocks Earlier Versions

[MacRumors]

As noted by Ars Technica, Adobe late yesterday issued a security bulletin announcing that it was releasing updates to Flash Player in order to address a pair of security vulnerabilities targeting Mac and Windows users.

Adobe is also aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.

Users can manually download the new 11.5.502.149 version of Flash Player from Adobe's site, or those who have specified that Adobe may update Flash Player automatically may simply allow it to do so.

In response to the issue, Apple has updated its Xprotect anti-malware system to enforce new minimum version requirements blocking all previous versions of Flash Player. Apple has used the system several times over the past month to block vulnerable versions of Java.

Apple has also posted a new support document addressing the issue and explaining to users how to update Flash Player when they discover that the plug-in has been blocked.

Article Link: Adobe Releases Flash Player Update to Patch Security Holes as Apple Blocks Earlier Versions

 

[OrangeSVTguy]

How long before the next "vulnerability" and apple shuts this one down?

 

[Squilly]

What is with all the exploits lately.... Get it right people!

 

[JaySoul]

Flash, Flash, why do you crash?

 

[autrefois]

Apple needs to stop blocking software. If they want to display a warning, fine. But for people who rely on their computers to do actual work, it isn't acceptable for them to keep disabling software that many people use and need on a daily basis. Inform people of the vulnerability and give them the option of disabling it.

 

[Ricanlegend]

Does anybody use flash anymore ? I been blocking flash for 4 years

 

[Saladinos]

This is why Apple have been fighting for a plugin-free web.

It's certainly cost them sales (not having flash and to a lesser extent Java on iOS devices, for example), but it's worth it. I'm glad they didn't take the easy road.

 

[TheNextBigThing]

Tried to open the download link.
"Your Google Chrome browser already includes Adobe® Flash® Player built-in. Google Chrome will automatically update when new versions of Flash Player are available."

 

[ProudLoz]

Apple needs to stop blocking software. If they want to display a warning, fine. But for people who rely on their computers to do actual work, it isn't acceptable for them to keep disabling software that many people use and need on a daily basis just because there's a vulnerability out there.

This. Although I wasn't working, I did find it annoying that a lot of the websites I visited that needed the adobe plug-in where completely useless because of this block.

 

[fullauto]

Urgh get rid of it already.

 

[xionxiox]

This. Although I wasn't working, I did find it annoying that a lot of the websites I visited that needed the adobe plug-in where completely useless because of this block.

This seems to be the only way things have been getting fixed tho...

 

[Macrolido]

Flash is the cáncer of OS X.

 

[BornAgainMac]

I never hear any problems with Microsoft Silverlight. Is it extremely secure or just nobody uses it or cares?

 

[AngerDanger]

Total Poetry Time®

Flash, Flash, why do you crash?

My poor keyboard, you make me smash.

 

[ncaissie]

Does anybody use flash anymore ? I been blocking flash for 4 years

Then you are not a gamer. Most game sites are still being developed in Flash.

 

[scaredpoet]

Tried to open the download link.
"Your Google Chrome browser already includes Adobe® Flash® Player built-in. Google Chrome will automatically update when new versions of Flash Player are available."

Yeah, all versions of Chrome come with an internalized Flash instance separate from the OS. So, for someone like autrefois who wants to run an insecure plugin, they can just use Chrome.

Funny how the devs do this for Flash, but continue to take a stand against a real standard like H.264.

Apple needs to stop blocking software.

No, people need to stop making users "do actual work" using poor platform choices and insecure software. Flash and Java's times are over. I'm glad Apple is doing this, because it highlights the fact that these plugins need to go.

 

[SOLLERBOY]

Great, go through the process and it's still blocked. It just re installed the same version I had.

 

[autrefois]

This. Although I wasn't working, I did find it annoying that a lot of the websites I visited that needed the adobe plug-in where completely useless because of this block.

Yes, I completely agree it is annoying (and in my opinion unacceptable) in general, whether it's for work or not.

I mentioned work because I happened to be trying to access something for work at the time, and I was anticipating that people would say (and I see it's already started) things like: who needs Flash, haven't used Flash in ages, let's destroy Flash once and for all, etc.

Yes, this time there is a fix available right away (which was not the case with Java recently). And no, I don't like Flash. But sometimes, there isn't another option right now.

Why should we have to guess what software Apple is or isn't going to decide to block every day? It is the consumer's responsibility to make sure their computer is safe. Popping up a warning before running it would be more than sufficient.

 

[Northgrove]

Flash & Java are usually replaceable with HTML 5 + Javascript. The only time I can think of Java being more convenient is for the more direct hardware access, but this is precisely why it's so dangerous!

I'm pretty sure we could do away with these technologies and still have a web functioning pretty much like today, only with less crashes, less resource requirements, and better mobile platform support.

Flash isn't supported by iOS, Android since 4.1, or Windows Phone 8. It's ridiculous that web designers still use the technology.

 

[Skika]

What is this flash you speak off?

 

[bananas]

Users can manually download the new 11.5.502.146 version of Flash Player from Adobe's site, or those who have specified that Adobe may update Flash Player automatically may simply allow it to do so.

The current version is actually 11.5.502.149

 

[pmhparis]

I never hear any problems with Microsoft Silverlight. Is it extremely secure or just nobody uses it or cares?

it has it's own problems but the fact that few people have it installed has made it a less visible target. Ask yourself this: Do you really need Silverlight? The answer is extremely rarely yes so why augment the ways you can be remotely hacked.

 

[MyNameIsDave]

Great, go through the process and it's still blocked. It just re installed the same version I had.

You need to restart your browser after the install. It doesn't tell you to do this, but it looks as though the update has failed if you don't when it has in fact worked.

 

[pmhparis]

What is this flash you speak off?

It comes with Chrome for the thankfully few instances where I actually need to use it...

----------

Then you are not a gamer. Most game sites are still being developed in Flash.

So, then your postulate is that Gamers do not mind getting hacked in drive by attacks on flash?

 

[camnchar]

Apple can go ahead and keep blocking Flash.