<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><p><a href="http://www.sophos.com/blogs/gc/g/2009/09/02/apple-ships-vulnerable-version-flash-snow-leopard/">http://www.sophos.com/blogs/gc/g/2009/09/02/apple-ships-vulnerable-version-flash-snow-leopard/</a></p><p><span class="Apple-style-span" style="color: rgb(51, 51, 51); font-family: arial, helvetica, sans-serif; font-size: 14px; "><small class="postmetadata" style="font-size: 13px; line-height: 2em; color: rgb(103, 103, 107); ">Posted on September 2nd, 2009 by Graham Cluley, Sophos</small><br><small class="postmetadata" style="font-size: 13px; line-height: 2em; color: rgb(103, 103, 107); ">Filed under: <a href="http://www.sophos.com/blogs/gc/g/category/apple/" title="View all posts in Apple" rel="category tag" style="text-decoration: none; color: rgb(92, 124, 142); ">Apple</a>, <a href="http://www.sophos.com/blogs/gc/g/category/malware/" title="View all posts in Malware" rel="category tag" style="text-decoration: none; color: rgb(37, 113, 194); ">Malware</a></small></span></p><p>The last thing you expect when you upgrade your operating system is that you will have some of your security silently downgraded.</p><p>But that's precisely what seems to have happened with Mac OS X Snow Leopard, which ignores that you have been keeping Adobe Flash up-to-date and downgrades it to an earlier version, as the following <a href="http://www.youtube.com/watch?v=U20NaKiF3Ds" rel="nofollow" style="text-decoration: none; ">YouTube video</a> shows:</p><p>So, let's explain what's going on here. Imagine you have a Mac. 
Imagine you have been really diligent about keeping your copy of Adobe Flash up-to-date (Adobe is commonly targeted by the bad guys, and so Adobe has been releasing regular security updates for Flash and PDF Reader).</p><p>Now, imagine (like me) you got your copy of Snow Leopard on Friday, and have now updated your computers.</p><p>Unfortunately, during the course of that update (and unknown to you) Apple <em>downgraded</em> your installation of Flash to an earlier version (version 10.0.23.1), which is known not to be secure and is not patched against various security vulnerabilities.</p><p>The version you should be running is the latest version of Flash Player for Mac - 10.0.32.18.</p><p>Mac users are not informed that Snow Leopard has downgraded their version of Flash without permission, and that they are now exposed to a raft of <a href="http://www.sophos.com/blogs/gc/g/2009/07/31/update-adobe-flash-player/" style="text-decoration: none; ">potential attacks and exploits</a> which have been targeted at Adobe's software in recent months.</p><p>I urge all Mac users who have upgraded to Snow Leopard to double-check that their version of Adobe Flash is current and - if not - update it immediately from <a href="http://get.adobe.com/flashplayer/" rel="nofollow" title="Link to Adobe website" style="text-decoration: none; ">http://get.adobe.com/flashplayer/</a></p><p>This should be done as a matter of priority. Adobe is the "new Microsoft" when it comes to security vulnerabilities, with hackers targeting their software looking for vulnerabilities to exploit. This has led the company to follow Microsoft's example by <a href="http://www.sophos.com/blogs/gc/g/2009/06/10/adobe-releases-patch-tuesday-security-fixes/" style="text-decoration: none; ">releasing regular security updates</a>.</p><p>Mac users who have been diligent enough to keep their security up-to-date do not deserve to be silently downgraded. 
We know that hackers keep finding security holes in Adobe's code - and that's deeply concerning because it is so widely used by many internet users, whether on Mac or PC.</p><p>It's vital, therefore, that users ensure they are running the latest version - and that, in the future, operating system manufacturers do not reduce their customers' level of security without warning.</p><p>If you're not sure which version of Adobe Flash you have on your computer (whatever operating system you use), take 30 seconds to visit <a href="http://kb2.adobe.com/cps/155/tn_15507.html" rel="nofollow" title="Link to Adobe Flash version test" style="text-decoration: none; ">their website</a>. Adobe will not only tell you what version of Flash you are running, they will also tell you what version you <em>should</em> be running.</p></body></html>
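<p>For anyone checking more than one Mac, the same test can be scripted. The following is an added example, not code from the original post or from Apple or Adobe: it reads a plug-in's version from its Info.plist and flags a version that went backwards across an OS upgrade or sits below the patched release. The plist key, the plug-in path in the comment and the sample plist are assumptions; the two version numbers are the ones quoted in the post.</p>

```python
import plistlib

# Version figures quoted in the article above.
PATCHED = "10.0.32.18"   # latest Flash Player for Mac at the time of the post
SHIPPED = "10.0.23.1"    # version installed by the Snow Leopard upgrade

# Constructed sample Info.plist (not copied from a real system). On a Mac the
# file is assumed to live at:
#   /Library/Internet Plug-Ins/Flash Player.plugin/Contents/Info.plist
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>example.flash.plugin</string>
  <key>CFBundleShortVersionString</key><string>10.0.23.1</string>
</dict></plist>"""


def parse_version(text):
    """Turn '10.0.32.18' into (10, 0, 32, 18) so each field compares as a number.

    Comparing the raw strings would rank '10.0.9.0' above '10.0.32.18'.
    """
    return tuple(int(part) for part in text.strip().split("."))


def installed_version(plist_bytes):
    """Return the version string recorded in a plug-in's Info.plist bytes."""
    return plistlib.loads(plist_bytes)["CFBundleShortVersionString"]


def audit(before, after, patched=PATCHED):
    """Classify one component from its version before and after an OS upgrade."""
    findings = []
    if parse_version(after) < parse_version(before):
        findings.append("downgraded")      # the upgrade replaced a newer copy
    if parse_version(after) < parse_version(patched):
        findings.append("below-patched")   # still missing the security fixes
    return findings or ["ok"]


if __name__ == "__main__":
    # A diligent user was on the patched release before upgrading the OS.
    print(audit(PATCHED, installed_version(SAMPLE_PLIST)))
```

<p>Recording each machine's plug-in versions before an OS upgrade gives <code>audit</code> the "before" value it needs to catch a silent downgrade rather than only an outdated install.</p>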