AppleInsider Staff
In a support document published on Friday, Apple confirmed that it has blocked older versions of Flash to protect Safari users from recently discovered vulnerabilities in the web content player.
While Adobe has already fixed the flaws being exploited, Apple instituted the plug-in-blocking feature in its Safari web browser to safeguard users who may not have downloaded the latest patches. The change affects Macs running OS X Mountain Lion, Lion, and Snow Leopard.
From Apple's support document:
To help protect users from a recent vulnerability, Apple has updated the web plug-in-blocking mechanism to disable older versions of the web plug-in: Adobe Flash Player.
Users who have not yet downloaded the most recent version of Flash, designated as version 11.6.602.171, will see a "Blocked Plug-in" alert in Safari. Selecting the prompt will bring up a pop-up window containing a link to download and install the most up-to-date version of Adobe's software.
Adobe on Tuesday acknowledged the existence of three separate vulnerabilities being exploited in the wild, including one targeting the Firefox browser, and recommended users update to the latest Flash version.
With Flash being a popular form of content delivery on the web, nefarious programmers are constantly developing malicious software to take advantage of the player's many flaws. Most recently, Apple blocked Flash in early February to protect against a similar exploit.
Oliver Haslam
Andrew O'Hara
Charles Martin
Wesley Hilliard
Marko Zivkovic
Malcolm Owen
Andrew Orr
49 Comments
They've been doing this for a few versions now, I think.
Remember when people complained about the lack of Flash on iPhone. I can't say I'm worried about missing out on all of those viruses.
It should be the user's choice. For example when I am far away from fast Internet and only have 3G, I suddenly discover that the latest Safari which I updated before leaving on my mapping excursion has blocked Flash, effectively preventing me from updating my Open Street Maps project which runs in Flash.
Edit: Of course now I know and I could always use Chrome but still...
Java, Flash, Java, Flash... What a merry jig to dance to!
I'm glad Apple has taken an aggressive approach in disabling vulnerable plugins (first Java, now Flash). Me, I've uninstalled Flash altogether and haven't looked back. If there's flash content I need to view, I'll fire up Chrome, which has Flash embedded. Then when I'm done viewing, I switch back to Safari. I will not have my machine infected due to some crappy plugin! BTW, most newer YouTube videos work in Safari HTML5 just fine.