Apple’s Users at High Risk After Snow Leopard Ships With Vulnerable Flash

Increasingly, attackers gain access to and control of modern operating systems by exploiting application vulnerabilities, not by attacking the OS itself.  With Apple relenting and allowing more third-party software on its computers in a bid to appeal to a broader consumer market, it is finding it hard to maintain the image of security that its ads claim when its applications frequently develop exploitable vulnerabilities.

It was discovered this week that Apple’s new operating system, OS X 10.6 “Snow Leopard”, shipped with an outdated, vulnerable version of Flash — 10.0.23.1.  An upgrade to Snow Leopard downgrades Flash from the current version (10.0.32.18) without prompting the user, according to security firm Sophos.

In doing so, the new OS puts customers at risk, as the older version of Flash had several widely known vulnerabilities.  Adobe is a popular target for hackers, with Flash, Acrobat and Reader (used for PDF — Portable Document Format — files) all frequently used to attack systems.

In July alone, Adobe was forced to issue 12 updates for its Flash player — updates that were included in the latest version of the player, but not in the version Snow Leopard shipped with.  Ten of those vulnerabilities could be used to execute arbitrary code on the machine.

By default, Adobe’s Flash player only checks for updates once every 30 days.  That gives hackers a wonderful window to attack new Macs and Macs upgrading to the new OS over the next month, unless Apple or its users act.

Adobe’s update settings are not configurable on the physical machine, but savvy users can safeguard themselves by going to the “Settings Manager” page on Adobe’s website, and setting their updates to seven day intervals (7, 14, 30 (default), and 60 day intervals are available).  More importantly, they should upgrade immediately to the latest version of Flash.

Apple would not respond to requests for comment about the development.  The revelation of the vulnerability came as Apple shipped its first-ever free malware detection software, capable of detecting two common Apple malware programs — “RSPlug.a” and “Iservice”.  Apple’s press releases also bragged of several other security improvements in Snow Leopard.  Nonetheless, security firms remain skeptical of these efforts, saying the OS still has many security flaws.
