Thursday, September 03, 2009, 05:20 am PT (08:20 am ET)
Apple's Snow Leopard upgrades Mac OS X, downgrades FlashWhile Snow Leopard makes a number of improvements to Apple's Mac OS X machines, for those who have kept Adobe Flash up to date, installing the new operating system will reportedly downgrade the software.
According to antivirus company Sophos, Snow Leopard installs version 10.0.23.1 of Flash for Mac, a security downgrade from the most up-to-date version, 10.0.32.18. Senior Technology Consultant Graham Cluley said the change is made without prompting the user. He called the move "pretty bad."
"I realize how much malware is out there," he said. "But after upgrading to Snow Leopard, when I went to Adobe's Web site, what it actually told me was I had actually downgraded. I was no longer running the latest version of Adobe Flash."
As hackers have targeted Adobe's Flash player for browser-based vulnerabilities, the company has responded, like Microsoft, by releasing regular security updates for its software. Users can check what version number they're running and download updates at Adobe's Web site.
"Mac users who have been diligent enough to keep their security up-to-date do not deserve to be silently downgraded," Cluley said. "We know that hackers keep finding security holes in Adobe's code - and that's deeply concerning because it is so widely used by many Internet users, whether on Mac or PC."
In an effort to beef up security protection, Apple included limited malware protection in its latest operating system. Though the feature only scans files for two Trojans out of the box, the basic defender could be upgraded over time to protect against other potential threats.
On Topic: Mac OS X
- Belkin unveils Thunderbolt 2 Express Dock HD for Apple's Macs
- Apple calls for OS X Yosemite app submissions ahead of launch
- Apple provides golden master candidate of OS X Yosemite to developers
- Apple releases bash patch to plug 'Shellshock' security flaw in OS X Mavericks, Mountain Lion, Lion
- Apple says most customers not vulnerable to 'shellshock,' patch coming for advanced users