September 3rd, 2009

Vulnerable Adobe Flash shipped with Snow Leopard

Posted by Adrian Kingsley-Hughes @ 3:27 am

Categories: Apple, Security, Software

Tags: Adobe Systems Inc., Apple Macintosh, Apple Inc., Mac User, Desktops, Security, Hardware, Adrian Kingsley-Hughes

If you’ve upgraded your shiny Mac to Apple’s latest Mac OS X 10.6 Snow Leopard then you might have made your Mac less secure thank to Apple shipping an old version of Adobe Flash which contains a serious vulnerability.

This information comes to us via the good folks at Sophos:

Now, imagine (like me) you got your copy of Snow Leopard on Friday, and have now updated your computers.

Unfortunately during the course of that update (and unknown to you) Apple downgraded your installation of Flash to an earlier version (version 10.0.23.1), which is known not to be secure and is not patched against various security vulnerabilities.

The version you should be running is the latest version of Flash Player for Mac - 10.0.32.18.

Mac users are not informed that Snow Leopard has downgraded their version of Flash without permission, and that they are now exposed to a raft of potential attacks and exploits which have been targeted on Adobe’s software in recent months.

That’s a serious oversight on Apple’s part.

Fortunately, it’s easy to fix the problem. Head over to Flash download page and let that do its magic. You should be all patched up in a minute or so.

And Sophos’ Graham Cluley is spot on with this observation:

This should be done as a matter of priority. Adobe is the “new Microsoft” when it comes to security vulnerabilities, with hackers targeting their software looking for vulnerabilities to exploit. This has lead the company to follow Microsoft’s example by releasing regular security updates.

If you upgraded to Snow Leopard, then it’s time to patch up!