
September 2nd, 2009

Snow Leopard ships with vulnerable Flash Player

Posted by Ryan Naraine @ 4:42 pm

Categories: Adobe, Anti Virus, Apple, Data theft, Denial of Service (DoS), Flash, Malware, Patch Watch

Tags: Apple Macintosh, Macromedia Flash Player, Malware, Apple Mac OS X, Spyware, Adware & Malware, Apple Mac OS, Cyberthreats, Desktops, Operating Systems, Viruses And Worms

Apple’s new operating system comes with an outdated version of Flash Player that exposes Mac users to hacker attacks.

The initial release of Mac OS X 10.6 (Snow Leopard) includes Flash Player 10.0.23.1, which is very much out of date. The fully patched version of Flash Player for Mac is version 10.0.32.18.

[ SEE: Apple adds malware blocker in Snow Leopard ]

Even worse, Intego reports that the vulnerable version of Flash is included even if the Mac user was fully patched before upgrading the operating system.

"The current version of Flash Player for Mac is 10.0.32.18, but if you go to the Flash Player version test page after installing Snow Leopard, you’ll find that you have version 10.0.23.1, even if you were up-to-date before the upgrade. It seems that Apple is shipping an outdated, even dangerous version of Flash Player."

Adobe has also spotted the hiccup and released a security alert to warn of the problem.

"The initial release of Mac OS X 10.6 (Snow Leopard) includes an earlier version of Adobe Flash Player than what is available from Adobe.com. We recommend all users update to the latest, most secure version of Flash Player (10.0.32.18) — which supports Snow Leopard and is available for download from http://www.adobe.com/go/getflashplayer."
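For anyone auditing machines after the upgrade, the check the test page performs can be scripted. The following is an added example, not code from this article, Apple, Adobe or Intego: it reads a plug-in's Info.plist, compares the version numerically against the patched release named above, and flags the regression Intego describes. The function names, the use of the `CFBundleVersion` key and the sample plist are assumptions made for illustration.

```python
import plistlib

# Fully patched Flash Player for Mac, as stated in the article.
PATCHED = "10.0.32.18"

def parse_version(text):
    """Turn '10.0.32.18' or the test page's '10,0,32,18' into a tuple of ints."""
    return tuple(int(part) for part in text.replace(",", ".").split("."))

def plugin_version(info_plist_bytes):
    """Read the bundle version from a plug-in's Info.plist (XML or binary)."""
    info = plistlib.loads(info_plist_bytes)
    # Assumption: the plug-in reports its version in CFBundleVersion.
    return info["CFBundleVersion"]

def audit(before, after_plist, patched=PATCHED):
    """Compare the version recorded before the OS upgrade with what is installed now."""
    after = plugin_version(after_plist)
    findings = []
    if parse_version(after) < parse_version(before):
        findings.append(f"regressed by upgrade: {before} -> {after}")
    if parse_version(after) < parse_version(patched):
        findings.append(f"below patched version {patched}: {after}")
    return findings

# Constructed sample: an Info.plist as it would look after the Snow Leopard install.
SAMPLE_PLIST = plistlib.dumps({
    "CFBundleName": "Flash Player",   # constructed value
    "CFBundleVersion": "10.0.23.1",   # version the article says ships with 10.6
})

if __name__ == "__main__":
    for finding in audit("10.0.32.18", SAMPLE_PLIST):
        print(finding)
```

Versions are compared as integer tuples because a plain string comparison would rank 10.0.9.0 above 10.0.23.1.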

Snow Leopard also includes a rudimentary file quarantine feature to help block known malware attacks against Mac OS X users.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


