As noted by Ars Technica, Adobe late yesterday issued a security bulletin announcing that it was releasing updates to Flash Player in order to address a pair of security vulnerabilities targeting Mac and Windows users.

Adobe is also aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.

Users can manually download the new 11.5.502.149 version of Flash Player from Adobe’s site, or those who have specified that Adobe may update Flash Player automatically may simply allow it to do so.

In response to the issue, Apple has updated its Xprotect anti-malware system to enforce new minimum version requirements blocking all previous versions of Flash Player. Apple has used the system several times over the past month to block vulnerable versions of Java.

flash_player_blocked_mac
Apple has also posted a new support document addressing the issue and explaining to users how to update Flash Player when they discover that the plug-in has been blocked.

This is why Apple have been fighting for a plugin-free web.

It’s certainly cost them sales (not having flash and to a lesser extent Java on iOS devices, for example), but it’s worth it. I’m glad they didn’t take the easy road.

Flash, Flash, why do you crash?
Flash & Java are usually replaceable with HTML 5 + Javascript. The only time I can think of Java being more convenient is for the more direct hardware access, but this is precisely why it’s so dangerous!

I’m pretty sure we could do away with these technologies and still have a web functioning pretty much like today, only with less crashes, less resource requirements, and better mobile platform support.

Flash isn’t supported by iOS, Android since 4.1, or Windows Phone 8. It’s ridiculous that web designers still use the technology.

Flash, Flash, why do you crash?

My poor keyboard, you make me smash.

Apple needs to stop blocking software. If they want to display a warning, fine. But for people who rely on their computers to do actual work, it isn’t acceptable for them to keep disabling software that many people use and need on a daily basis. Inform people of the vulnerability and give them the option of disabling it.
Does anybody use flash anymore ? I been blocking flash for 4 years

Tried to open the download link.
“Your Google Chrome browser already includes Adobe┬« Flash┬« Player built-in. Google Chrome will automatically update when new versions of Flash Player are available.” :cool:

Yeah, all versions of Chrome come with an internalized Flash instance separate from the OS. So, for someone like autrefois who wants to run an insecure plugin, they can just use Chrome.

Funny how the devs do this for Flash, but continue to take a stand against a real standard like H.264. :rolleyes:

Apple needs to stop blocking software.

No, people need to stop making users “do actual work” using poor platform choices and insecure software. Flash and Java’s times are over. I’m glad Apple is doing this, because it highlights the fact that these plugins need to go.

Apple can go ahead and keep blocking Flash.

Flash isn’t supported by iOS, Android since 4.1, or Windows Phone 8. It’s ridiculous that web designers still use the technology.

Not only that but it’s ridiculous that a website would still require Flash or Java to function properly. A proper website should still be readable and navigable with javascript disabled.

Users can manually download the new 11.5.502.146 version of Flash Player (http://get.adobe.com/flashplayer/) from Adobe’s site, or those who have specified that Adobe may update Flash Player automatically may simply allow it to do so.

The current version is actually 11.5.502.149

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>