Categories: MacSecurityWorkspace

Apple Tackling Adobe Security Hole In Snow Leopard

According to Sophos, users who upgrade to Snow Leopard are left with Adobe Flash Player Version 10.0.23.1, which is known to be susceptible to attacks.

Apple is pushing out an older, vulnerable version of Adobe Flash Player with its “Snow Leopard” operating system upgrade, according to Sophos.

Snow Leopard, aka Mac OS X 10.6, hit the streets on 28 Aug with much fanfare about promised performance improvements. Apple also generated some buzz by including a malware scanner in the mix to analyse downloads for two known Trojan families.

However, the updated operating system also includes a version of Adobe Flash Player that is vulnerable to several bugs. During the update process, Apple silently downgrades the latest version of Flash Player for Mac—Version 10.0.32.18—to Version 10.0.23.1, Sophos reported on 2 Sept.

“Mac users are not informed that Snow Leopard has downgraded their version of Flash without permission and that they are now exposed to a raft of potential attacks and exploits [that have targeted] Adobe’s software in recent months,” blogged Graham Cluley, senior technology consultant at Sophos.

Adobe, as Cluley pointed out, has become a popular target for attackers. August statistics from Trusteer showed that nearly 80 percent of the roughly 2.5 million users Trusteer scanned were running vulnerable versions of Flash.

“Adobe is the ‘new Microsoft’ when it comes to security vulnerabilities, with hackers targeting their software looking for vulnerabilities to exploit,” Cluley wrote in the blog post.

“If you’re not sure which version of Adobe Flash you have on your computer (whatever operating system you use), take 30 seconds to visit their Website,” he added. “Adobe will not only tell you what version of Flash you are running, they will also tell you what version you should be running.”

Apple did not respond to a request for comment about the issue.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

3 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

3 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

3 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

4 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

4 days ago