John Gruber once more provides the voice of reason. I actually didn’t think this was that big a deal, but wanted to get the info to any of you who are not as geeky about following this kind of news. I was also lazy and just reposted TUAW’s article in full . . . not something I often do and not something I plan on doing again since it defeats my general effort to use this space in a more thoughtful manner and with greater attention to developing ideas and thoughts instead of posting stuff to simply post stuff.
The gist of the article is simple: if you install Snow Leopard, you should update your Adobe Flash. That is all.
It’s not that we have anything against the Flash plugin for Mac browsers. Well, other than the fact that it’s crashy, and slow, and makes our laptop fans spin up like we’re doing wind tunnel testing for the Air Force. But other than that, we have nothing against it — and it’s lovely that the new 64-bit version of Safari in Snow Leopard can isolate Flash-related stalls and hiccups from the main browser process for enhanced crash protection. Very nice.
Unfortunately, as pointed out initially by Graham Cluley over at the security and anti-virus vendor Sophos, the version of the Flash plugin that Apple bundles with Snow Leopard is old. It’s the 10.0.23.1 version, old enough that it has some notable vulnerabilities versus the currently shipping 10.0.32.18 version. You can check which version of the plugin you have by visiting this Adobe check page. Even if you had the current build on your machine before upgrading to Snow Leopard, the upgrade process replaces your Flash with the vintage Flash instead — poor form! Cluley recommends, and Adobe concurs, that the best thing to do is head over to Adobe’s download site and get the most up-to-date version instead.
It’s understandable that Apple had to lock down a version of the Flash plugin for inclusion in the OS golden master, but if you’re gonna do that then you’ve got to provide an integrated method for users to update to the current build when the time comes (like, say, via an OS-wide Software Update utility). Downgrading user security while upgrading OS versions is a rotten way to run a railroad.
[Side note, does Cluley’s narration in the video above make you wonder if, just maybe, he’s moonlighting as Ben ‘Yahtzee’ Croshaw over at The Escapist? NSFW!]
Thanks to everyone who sent this in.
Snow Leopard: Apple ships old, security-compromised Flash plugin with new OS originally appeared on The Unofficial Apple Weblog (TUAW) on Thu, 03 Sep 2009 16:15:00 EST. [From Snow Leopard: Apple ships old, security-compromised Flash plugin with new OS]