Advertisement

Snow Leopard: Apple ships old, security-compromised Flash plugin with new OS

Editor

Updated Thu, Sep 3, 2009, 4:15 PM·2 min read

It's not that we have anything against the Flash plugin for Mac browsers. Well, other than the fact that it's crashy, and slow, and makes our laptop fans spin up like we're doing wind tunnel testing for the Air Force. But other than that, we have nothing against it -- and it's lovely that the new 64-bit version of Safari in Snow Leopard can isolate Flash-related stalls and hiccups from the main browser process for enhanced crash protection. Very nice.

Unfortunately, as pointed out initially by Graham Cluley over at the security and anti-virus vendor Sophos, the version of the Flash plugin that Apple bundles with Snow Leopard is old. It's the 10.0.23.1 version, old enough that it has some notable vulnerabilities versus the currently shipping 10.0.32.18 version. You can check which version of the plugin you have by visiting this Adobe check page. Even if you had the current build on your machine before upgrading to Snow Leopard, the upgrade process replaces your Flash with the vintage Flash instead -- poor form! Cluley recommends, and Adobe concurs, that the best thing to do is head over to Adobe's download site and get the most up-to-date version instead.

It's understandable that Apple had to lock down a version of the Flash plugin for inclusion in the OS golden master, but if you're gonna do that then you've got to provide an integrated method for users to update to the current build when the time comes (like, say, via an OS-wide Software Update utility). Downgrading user security while upgrading OS versions is a rotten way to run a railroad.

[Side note, does Cluley's narration in the video above make you wonder if, just maybe, he's moonlighting as Ben 'Yahtzee' Croshaw over at The Escapist? NSFW!]

Thanks to everyone who sent this in.

Engadget
The Rogue Prince of Persia is delayed because Hades II is a juggernaut
The Rogue Prince of Persia was supposed to debut in early access on May 14, but Evil Empire and Ubisoft have delayed it to get out of the way of Hades II.
Engadget
The M2 iPad Air is $30 off if you preorder at Amazon
The new M2 iPad Air arrives this week and you can already snap it up for a modest discount if you preorder on Amazon.
Engadget
Pick up this Anker 10,000mAh magnetic power bank for only $32
This Anker 10,000mAh magnetic power bank is on sale via Amazon for $32. That’s a discount of more than 20 percent.
Engadget
Apple's 10th-gen iPad hits a new low of $334
Amazon has marked down Apple's 10th-generation iPad to an all-time low price.
Engadget
Google Pixel 8a review: The best midrange Android phone gets flagship AI features
The Pixel 8a delivers handy AI features alongside a beautiful 120Hz OLED screen, excellent cameras and way above-average battery life for just $499.
Engadget
The best grills and grill accessories in 2024
Here’s a list of the best grilling gear you can buy -- including Traeger and Weber grills -- as chosen by Engadget editors.
Engadget
The Morning After: Those geomagnetic storms are messing with farming tech’s GPS systems
The biggest news stories this morning: Waymo’s robotaxis are making 50,000 paid trips every week, Most Apple App Store developers aren’t trying outside payments, Alienware m16 R2 review.
Engadget
Apple Store workers in Maryland have voted to authorize a strike
Apple's first unionized Store in Towson, Maryland has now authorized the first strike against the retail giant.
Engadget
The 21 best Nintendo Switch games in 2024
Here's a list of the best games for Nintendo Switch and Nintendo Switch Lite, from A to Z trigger, as chosen by Engadget editors.
Engadget
Most App Store developers aren’t taking Apple up on its new outside payments option
In a hearing on Friday as part of the ongoing legal battle with Epic, Apple said only 38 developers have applied to add links to external payment options — out of roughly 65,000 that could, according to Bloomberg.
Engadget
The geomagnetic storm is a nightmare for farmers relying on precision agriculture tech
According to a report by 404 Media, the intense solar activity over the last few days has disrupted critical GPS systems that guide modern tractors. Modern John Deere tractors as well as those from other brands rely on this technology for precision.
Engadget
Pre-orders for Ghost of Tsushima on PC are being canceled in countries without PSN access
People who pre-ordered the PC port of Ghost of Tsushima Director’s Cut in countries that don’t have access to PlayStation Network (PSN) were reportedly notified that their purchases have been canceled and auto-refunded.
Engadget
'Extreme' geomagnetic storm may bless us with more aurora displays tonight and tomorrow
Tonight may offer another chance to catch the aurora if you have clear skies, according to the NOAA, and Sunday could bring yet more displays reaching as far as Alabama. The agency says the 'extreme' geomagnetic storm will continue through tomorrow.
Engadget
28 Years Later is coming to theaters next summer
Fans have been waiting a long, long time for another installment in the 28 Days Later franchise, and we now know when the next followup is coming out: June 20, 2025. 28 Years Later will be directed by Danny Boyle and written by Alex Garland.
Engadget
What we’re listening to: Trail of Flowers, Hyperdrama, Science Fiction and more
In this installment of What We're Listening To, the Engadget team discusses some of the recent releases we've had on repeat, including new music from Sierra Ferrell, Justice, Utada Hikaru and Caroline Polachek.
Engadget
Waymo says its robotaxis are now making 50,000 paid trips every week
Waymo has revealed, as well, that it's had over one million rider-only trips across four cities.
Engadget
Doctor Who: The Devil’s Chord review: Is this madness?
'The Devil's Chord' is a mess, but it's probably an intentional mess.
Engadget
Doctor Who Space Babies review: Bet you didn’t expect that
'Space Babies' is crazy, chaotic and political. Just as Doctor Who should be.
Engadget
Apple’s big AI rollout at WWDC will reportedly focus on making Siri suck less
Apple will reportedly focus its first round of generative AI enhancements on beefing up Siri’s conversational chops. The company will reportedly roll out a new version of Siri powered by generative AI at its WWDC keynote on June 10.
Engadget
Samsung HW-Q990D soundbar review: A small but significant update
Samsung's home theater powerhouse got the one thing it was missing, but not much else for this year's model.