Apple's Users at High Risk After Snow Leopard Ships With Vulnerable Flash
September 3, 2009 10:30 AM
Apple's Snow Leopard shipped with an outdated vulnerable version of Flash. If these users don't upgrade to the latest version immediately, they give hackers a golden opportunity to exploit their machines -- so upgrade now if you bought OS X 10.6. Yes, you too.
Fortress Apple is compromised by one of its residents
Increasingly, it is exploits of application vulnerabilities that are used to gain access to and control of modern operating systems, not attacks on the OS itself. With Apple relenting and allowing more third party software on its computers in a bid to appeal to a broader consumer market, it's finding it hard to maintain the image of security that its
, when its applications frequently develop exploitable vulnerabilities.
It was discovered this week that Apple's
new operating system
, OS X 10.6 "Snow Leopard" shipped with an outdated, vulnerable version of Flash -- 10.0.23.1. An upgrade to Snow Leopard downgrades the Flash from the current version (10.0.32.18) without prompting the user, according to security firm Sophos.
In doing so, the new OS puts customers at risk, as the older version of Flash had several widely known vulnerabilities. Adobe is a
for hackers, with Flash, Acrobat and Reader (used for PDF -- Portable Document Format -- files), all being frequently used to attack systems.
In July alone, Adobe was forced to issue 12 updates for its Flash player -- updates that were included in the latest version of the player, but not in the version Snow Leopard shipped with. Ten of those vulnerabilities could be used to execute arbitrary code on the machine.
By default Adobe's flash player only updates once every 30 days. That gives hackers a wonderful window to attack new Macs and Macs upgrading to the new OS over the next month, unless Apple or its users act.
Adobe's update settings are not configurable on the physical machine, but savvy users can safeguard themselves by going to the "
" page on Adobe's website, and setting their updates to seven day intervals (7, 14, 30 (default), and 60 day intervals are available). More importantly, they should upgrade immediately to the latest version of Flash.
Apple would not respond for comment about the development. The revelation of the vulnerability came as Apple shipped with its first ever
free malware detection software
, capable of detecting two common Apple malware programs -- "RSPlug.a" and "Iservice". Apple's press releases also bragged of several other security improvements in Snow Leopard. Nonetheless, security firms remain skeptical and these efforts, saying the OS still has many security flaws.
"I'm an Internet expert too. It's all right to wire the industrial zone only, but there are many problems if other regions of the North are wired." -- North Korean Supreme Commander Kim Jong-il
Apple Brags OS X Snow Leopard is More Secure, Security Firms Say Otherwise
September 1, 2009, 7:19 AM
OS X Snow Leopard Lunges from the Shadows for August 28 Release
August 24, 2009, 1:06 PM
Mac Gets The Girl In New Anti-Microsoft Ad
May 13, 2009, 9:33 AM
EWeek Ads Infect Users Thanks to Adobe Flaw
February 25, 2009, 8:37 AM
WhatsUp with WhatsApp?
August 29, 2016, 5:23 AM
Fuchsia – Google’s New Open Source Operating System
August 17, 2016, 6:30 AM
Windows 10: End of an Era & A New Beginning
August 1, 2016, 9:59 AM
Free Windows 10 offer ends July 29th, 2016: 10 Reasons to Upgrade Immediately
July 22, 2016, 9:19 PM
Quick Note: Whoops, Microsoft Pushed Unwanted Windows 10 to Some Users
October 15, 2015, 9:04 PM
Quick Note: Windows 10 Insider Preview Build 10565 Fixes Boot Camp 6.0 Issues
October 13, 2015, 11:39 AM
Most Popular Articles
Problems with Windows 10 – Update Now
October 15, 2016, 7:30 AM
Is Razer Blade Stealth Laptop For You?
October 16, 2016, 5:00 AM
Bluetooth Saves Lives
October 16, 2016, 7:05 AM
Innovative Neurotechnology in Sound Therapy Reduces High Blood Pressure and Migraines
October 16, 2016, 5:00 AM
Car Insurance - The Hidden Discriminatory Practise
October 18, 2016, 5:00 AM
Latest Blog Posts
Nasa Flies Drones at Nevada Airport
Oct 21, 2016, 8:21 AM
T-Mobile Data Problems
Oct 20, 2016, 10:17 AM
Annoying Apple Watch Problems and How to Fix Them
Oct 20, 2016, 5:00 AM
Your Mail May Soon Be Delivered By Robot
Oct 19, 2016, 9:34 AM
2018 Jeep Wrangler Prototype Sells At Junkyard
Oct 18, 2016, 5:00 AM
Samsung Shines with Gold Edition Tablet
Oct 17, 2016, 9:24 AM
Tesla Hints Mysterious Product Debut for October 17th
Oct 16, 2016, 10:14 AM
Samsung Galaxy Note 7 Phones on US flights
Oct 15, 2016, 5:00 AM
Comcast Fined $2.3 Million For Unconfirmed Services Charged To Customers
Oct 14, 2016, 5:00 AM
“American singer / songwriter “Bob Dylan is awarded 2016 Nobel Prize in Literature.
Oct 13, 2016, 10:33 AM
Battery Defect in Medical Device
Oct 12, 2016, 5:00 AM
IBM Bolsters Social Services Sector With Technology Grants
Oct 11, 2016, 5:00 AM
Scientists Sound Alarm on Climate but US Still Toys With Skepticism
Oct 10, 2016, 5:00 AM
IMEX America Trade Show
Oct 9, 2016, 10:00 AM
Phone Wars – Google VS Samsung Free Gifts on Purchase
Oct 6, 2016, 5:00 AM
Member of Parliament’s opposition car exploded in Tbilist capital of Georgia
Oct 5, 2016, 2:52 PM
US Government Cuts Cord On Internet Oversight
Oct 3, 2016, 10:34 AM
Are farm children less likely to have allergies and asthma in adulthood?
Sep 30, 2016, 5:00 AM
More Blog Posts
Copyright 2016 DailyTech LLC. -
Terms, Conditions & Privacy Information