Of the 131 security vulnerabilities identified and patched by the latest Mac OS X update (cataloged by their public Common Vulnerabilities and Exposures or CVE ID), 16 are related to X11, an optional install which enables Mac OS X to run apps designed for the Unix X Window specification. Another five are related to features in Mac OS X Server that are missing in the desktop version.
Nine more affect Apple's own QuickTime, one is related to the Mac OS X kernel, one affected Safari, and another 45 were found in various other code, including some that is proprietary to Apple (such as its AFP file server, CoreGraphics and CoreText) and some that is incorporated by Apple from open source projects into its operating system (including the Apache web server, CUPS printing, OpenLDAP, Python, and PHP).
However, the most security vulnerabilities by far are associated with the Adobe Flash plugin, with a whopping 55 issues listed, the "most serious of which may lead to arbitrary code execution," Apple reports in its Apple Product Security update.
This leaves little reason to wonder why Apple has worked to shed all third-party platform code from its mobile iOS, including Java and Flash (and of course, X11).
Security, battery issues unfortunate for Adobe
The security issues related to Flash are in fact the stated reason why Apple is backing away from bundling the plugin with its new computers. Apple began shipping the MacBook Air without Flash installed, noting that customers could install the plugin on their own to ensure they had the latest, most secure version.
However, testing indicates that in normal operation, Flash can also consume dramatic amounts of battery life just to animate web ads in the background, resulting in as much as two hours of lost productivity on a single charge.
After that fact was publicized, Adobe's CTO Kevin Lynch lashed out at Apple, saying in an interview, "I just think there's this negative campaigning going on, and, for whatever reason, Apple is really choosing to incite it, and condone it."
Lynch characterized Apple's exclusive support for HTML5 for displaying dynamic web content on iOS devices as "unfortunate" and "a blockade of certain types of expression," but also noted, "we support [standard based web development using] HTML. We're making tools for HTML5. It's a great opportunity for us."
25 Comments
The proof of the pudding is in the eating.
The proof of the bugging is in the patching.
I think I see AppleInsider's game. I'm not biting this bait
Funnily enough, that's exactly what I was thinking about. By tomorrow morning, hundreds would have been baited. Let the comments begin. I am expecting a torrent of "... sucks" (Android, WP7, RIM, food, water, anything not made by Apple).
How exactly does Apple patch flaws in Flash? Do they just find vulnerabilities that Flash has exposed in their own OS and fix them? Or is that supposed to be Adobe's job?
From everything I've read I'm with Apple on this. I find Flash sites slow and clunky... just look at Nike's site! Uggh!
I think Adobe is backing the wrong horse!
Best