
Apple Auto-Disables Old Flash Players In Mac OS X 10.7.4

wiredmikey writes "Just released, and coming in at 370 MB in size, the Mac OS X 10.7.4 update includes general OS fixes, and addresses more than 30 security vulnerabilities. But aside from typical security fixes, Apple has made an interesting move in an effort to protect users. Through this latest software update, Safari 5.1.7 will now automatically disable older — and typically more vulnerable — versions of the Adobe Flash player. While many software vendors would prefer OS makers to keep their hands off their software, the move appears to be welcomed by Adobe, which has constantly battled vulnerabilities in its widely installed Flash Player."
  • More like 730 MB.
    • it comes in at 370 MB for my Mac Pro

      • Apple Software Update reports 729.6 MB for me (MacBook Pro). (Not combo update, either — updating from 10.7.3.)
        • Re:370 MB? (Score:5, Informative)

          by tonywong ( 96839 ) on Thursday May 10, 2012 @12:15PM (#39956695) Homepage
          Delta updates are sent via Apple Software Update which, in theory, is customized to patch a specific system model (Mac Pro or iMac or MacBook Air etc.). This means they can vary in size.

          However, I've found that delta updates can be more problematic and not patch everything that needs to be updated, which can lead to odd crashes and other funky behaviour.

          In my experience, I skip the software updates for delta releases and download the combo updater which has the kitchen sink mentality of updating.

          Link here (1.4GB) for standard install 10.7.4:
          http://support.apple.com/kb/DL1524

          1.5GB for Mac OS X Server 10.7.4:
          http://support.apple.com/kb/DL1529
      • Re:370 MB? (Score:5, Funny)

        by cpu6502 ( 1960974 ) on Thursday May 10, 2012 @12:41PM (#39957063)

        A mere 20 hours over dialup. :-o

        • by Anonymous Coward
          Get what you pay for.
          • Yeah..... remember when OS updates over your dialup line only took a few minutes? And fifteen and ten years ago the average webpage was a mere 40KB and 90KB respectively. But now it's ballooned to 800KB.

            I upgraded to DSL for that reason. Of course a 370MB update still requires almost an hour and a half. Couldn't they at least *try* to keep software small? I like Microsoft's new philosophy of keeping Windows8 equal to Windows7 in size (only 1/2GB RAM needed).

  • Imagine (Score:1, Insightful)

    Imagine if MS had done this, the bitching here would be enormous. Just like how Palladium was decried by everyone when it was proposed by MS to secure PCs, but when Apple did it with iOS with extreme lockdown DRM, it was the best thing ever and there was not a peep from the same commentators that blasted MS.

    • Re:Imagine (Score:5, Insightful)

      by TheDarkener ( 198348 ) on Thursday May 10, 2012 @12:03PM (#39956459) Homepage

      I personally wouldn't have bitched one bit if MS took a stand against Flash. In fact, I would applaud them.

      • Re: (Score:3, Insightful)

        by XiaoMing ( 1574363 )

        I personally wouldn't have bitched one bit if MS took a stand against Flash. In fact, I would applaud them.

        Apple releases an update that disables third party software, less than a month after their inability to put a dent into bd.Flashback.
        And yet you still shovel on the praise and manage to spin it in your own mind, that rather than it being the heavy-handed tactics of a company that has no idea how to play well with others, they are simply taking a brave stand against flash!

        Man, Kudos to Apple, and kudos to yourself for being so brave too!

        The reality distortion field is strong with this one.

        • Apple releases an update that disables third party software, less than a month after their inability to put a dent into bd.Flashback.

          They disabled Flash in Safari only. If they take drastic actions they are vilified, but if they don't do anything they are vilified as well. The new Flash updater on Windows will perform automatic & silent updates. They don't offer this as an option for OS X.

          • by Cinder6 ( 894572 )

            I go through a reasonable amount of effort to ensure my software was up to date. I've gotten so used to Flash updating automatically on Windows that it didn't even occur to me it wasn't doing that on my Mac. After I updated to 10.7.4, it told me Flash was out of date. So I'm going to have to say this is a good move. I'd imagine most Mac users have outdated Flash versions.

            • If you own a commercial Adobe product, it comes with an update manager that can auto-update Flash. I don't know why they didn't provide this for their stand-alone free product.... ...but every time the automatic update software kicks in, I end up double checking to verify that it's the REAL automatic update software, as this is an obvious thing for a drive-by download to spoof.

            • I've gotten so used to Flash updating automatically on Windows....

              "Automatically"?

              If your definition of "automatic" is several dozen popups and mouse clicks, reading and accepting a new license agreement, etc. every single damn time you switch on a PC then, yes, I guess it's automatic.

          • Comment removed based on user account deletion
        • Re: (Score:3, Informative)

          Apple releases an update that disables outdated and vulnerable third party software...

          FTFY.

          The reality distortion field is strong with this one.

          Yep, you're standing on the wrong side of it.

      • Comment removed based on user account deletion
        • Re:Imagine (Score:5, Informative)

          by WrongSizeGlass ( 838941 ) on Thursday May 10, 2012 @12:38PM (#39957017)

          I think a notification/warning would be nice prior to purging it from the system. Maybe it does, I don't know. But at least let the owner of the computer know that...

          A: This version of flash will be uninstalled because yadda yadda yadda.

          and

          B: Accept or Decline, BTW here's a link to obtain the latest version after this Apple update has been completed.

          It disables Flash. It doesn't uninstall or delete it.

        • Re:Imagine (Score:5, Informative)

          by Yaztromo ( 655250 ) on Thursday May 10, 2012 @12:54PM (#39957241) Homepage Journal

          I think a notification/warning would be nice prior to purging it from the system. Maybe it does, I don't know.

          On both of the systems I applied it to yesterday, it popped up a dialog warning me that it was going to disable the out-of-date flash player, and inviting me to visit Adobe's website to download the latest copy. The two buttons on the dialog were along the lines of one to go to the download page, and one to simply continue disabling the out-of-date plug-in.

          And now you know.

          Yaz

        • I think a notification/warning would be nice prior to purging it from the system. Maybe it does, I don't know. But at least let the owner of the computer know that...

          Agreed. Nothing is more annoying than a piece of software turned off because "we know better". Follows what sort of dialog I would myself craft.. ;)

          "MacOS has detected an old version of Adobe Flash running on your computer. To help protect your security, this software has been temporarily disabled. You can choose to continue running current version (not recommended) or update Flash."

          [Update] [Continue using current] [Leave current disabled]

        • >>>I think a notification/warning would be nice prior to purging it from the system.

          You have no more right to be notified when Old Flash is being purged from your computer than to not be vaccinated from disease. This is a proactive measure from the state (or the megacorp acting for the state) to protect the internet from bad programs. We can't allow your diseased computer (or body) to be spreading these bots/viruses to other people.

      • by ifrag ( 984323 )

        A perfect candidate for Microsoft's "malicious software removal tool" program.

        It is disappointing that none of the updates to this tool have even tried to stop such a widespread infection. If anything, the enormous flash install base demonstrates that Microsoft's tool is completely ineffective against a serious malware infection.

    • Imagine you taking your meds this morning.

    • Re:Imagine (Score:5, Interesting)

      by Lunix Nutcase ( 1092239 ) on Thursday May 10, 2012 @12:07PM (#39956533)

      Maybe finish reading the whole summary where even Adobe welcomes this? Oh and you've made sure to bitch about Mozilla doing the same thing to older versions of the Java plugin [slashdot.org], right?

    • Re:Imagine (Score:4, Insightful)

      by spire3661 ( 1038968 ) on Thursday May 10, 2012 @12:13PM (#39956655) Journal
      For the last time, Apple is not Microsoft and is not a convicted monopolist. Your comparison is retarded. When Apple holds ~85% share of all computers EVERYWHERE, then you can start making valid comparisons between the two.
      • by Anonymous Coward

        For the last time, Apple is not Microsoft and is not a convicted monopolist. Your comparison is retarded. When Apple holds ~85% share of all computers EVERYWHERE, then you can start making valid comparisons between the two.

        Bad behavior is bad behavior, regardless of past actions.

      • For the last time, Apple is not Microsoft and is not a convicted monopolist. Your comparison is retarded. When Apple holds ~85% share of all computers EVERYWHERE, then you can start making valid comparisons between the two.

        DOJ oversight ended recently http://www.neowin.net/news/doj-oversight-of-microsoft-ends [neowin.net]

        The iPad holds about 60 to 90% of the installed base of tablets and it doesn't bans Netscape(Firefox) from even running, forget about getting trouble for just bundling Safari by default like MS did.

      • For the last time, Apple is not Microsoft and is not a convicted monopolist. Your comparison is retarded. When Apple holds ~85% share of all computers EVERYWHERE, then you can start making valid comparisons between the two.

        You're right, they're only a tiny helpless corporation with more spare cash (not even something intangible like nonliquid assetsmoney, but real money) than any other company in existence right now. Stop picking on them! they obviously don't have the capability to do anything beyond what they currently are able to manage, poor guys :C

      • So this is your argument.

        Microsoft is a convicted monopolist, because they bundled their web browser with their operating system. Therefore, if they distribute a patch or an upgrade which as part of its functionality disables a product which:

        • is from a third party vendor; and
        • is outdated and superseded; and
        • is known to be particularly vulnerable

        and the third party vendor expresses their support for that action;

        then they are scum and you disapprove. But only because they were convicted of bundling IE with Win

        • My argument is we treat Microsoft history with a different lens because of the egregious nature of being a convicted monopolist AND the nature of their overt acts. They tried to own all of computing and people fucking forget that. Your attempt to reduce the verdict and punishment to browsers is cute. They convicted MS just like Al Capone, they got them for what they could get them for, even though there was a ton of other behavior that in a sane world would be punished too. Microsoft needs to continue
          • we treat Microsoft history with a different lens

            They were judged to have done a bad thing, they were convicted, and they paid the price. Agreed, not a stellar part of Microsoft's corporate history. Okay. Why does that mean that if they did the same thing today as Apple is doing, with the purpose of enhancing security, and with the full approval of the involved third party, you should have a different response based on whether it's Apple or Microsoft?

            Your attempt to reduce the verdict and punishment to browsers is cute.

            "Cute"? Anyway...

            I recognize things are almost always more complex than they appear on the surface. But fu

            • "Can we stick to the point? If Microsoft were to do the exact same thing as Apple are doing in this case, would you approve or complain?"

              I reject the question outright. They are not the same and shall not be judged the same. Just because you feel like they have paid their penance doesn't mean that we don't STILL feel the effects of those crimes today. What they got was a slap on the wrist because at the end of the day Windows 'worked' for everyone and the DOJ was afraid of killing the golden goose. We judg
    • Imagine if MS had done this, the bitching here would be enormous.

      I don't think that's true. Mainly because I think you're vastly underestimating the blood-soaked hatred most people here have for the Flash player.

      I also think most people here are probably fine with the masses getting their shit updated automatically, as long as those of us who develop for and/or have to support old versions have the option of keeping older versions around when necessary.

    • by Pope ( 17780 )

      Because phones and computers are two different things?

      • What about tablets? We hear so much about a post-PC world and lots of common folks replacing desktops, laptops and netbooks with the iPad.

        • I sort of want a Galaxy Note. It's the happy middle ground between a tablet and a phone, but oddly I don't really see myself holding something with 5.3" screen up to my ear...

          "I CAN'T TALK, I'M AT THE THEATRE! NO, IT'S RUBBISH!"

        • These people who replaced desktop/laptops/netbooks with the iPad never really wanted a PC in the first place. The only reason they had one originally was because it was pretty much the only way to go on the internet. Most people don't want a general-purpose computer as it is just too complex to understand. They have no desire to program it, futz with the settings, or even change hardware components. I'm convinced that Apple doesn't include an SD card in their iPads because A, the slot looks ugly, and B, h
    • by fermion ( 181285 )
      Just to add a data point, I and many others bitched widely when Apple updates would automatically reinstall and activate Flash. There was no way to get away from flash. Apple depending on it for its advertising, so that was all there was to it. Of course such comments are moderated down as such comments are meaningful, as opposed to comments that just randomly complain how unfair the world is.

      Now Apple, and the rest of the world, is not so dependent so much on Flash, due partly to the iPad, so they can

    • Re:Imagine (Score:4, Insightful)

      by amicusNYCL ( 1538833 ) on Thursday May 10, 2012 @12:51PM (#39957191)

      I would have exactly zero problems with Microsoft doing something like this (their biggest problem: getting people to actually install the update).

      When I read the headline and started the summary my reaction was along the lines of "whaaaaaat!". Then I saw that they were only disabling "older" versions of Flash, not Flash entirely, and thought about what it would be like for the end user. They visit a website that uses Flash, they see a message that Flash is not enabled or installed with a link to install it, they go through the process, et voila, you've gotten your users to update to the latest Flash player.

      I have zero issues with an OS update automatically disabling old vulnerable software versions (especially Java and Acrobat reader), provided there is a way for the user to re-enable them if there's some reason that they require a specific old version.

      I also generally hate every stance that Apple takes regarding control over their products, but this decision does make sense if they're trying to protect their users who wouldn't otherwise protect themselves. Microsoft should do the same.

      • by DdJ ( 10790 )

        When I read the headline and started the summary my reaction was along the lines of "whaaaaaat!". Then I saw that they were only disabling "older" versions of Flash, not Flash entirely, and thought about what it would be like for the end user.

        Right. Disabling Flash entirely is what Microsoft is doing, in the "Metro" flavor of "Windows 8" (where no browser plugins work at all).

        (Though if you flip back into "Desktop" mode, you can still get them. The "Desktop" flavor of the web browser is dumbed down over c

  • by kriston ( 7886 ) on Thursday May 10, 2012 @12:02PM (#39956455) Homepage Journal

    The Adobe Flash installer deletes itself, too, after installation. They really don't want the old, buggy stuff laying around.

    • Re: (Score:3, Funny)

      by Anonymous Coward
      If they really didn't want buggy stuff laying around, the Adobe Flash installer would delete itself before installation. ;-)
  • Last time I had an issue with a virus intrusion attempt, it was Acrobat, not Flash, that was the vector.

    • by Anonymous Coward

      I never install the Acrobat Reader on OS X, because the Preview application bundled with the OS does everything I need with PDFs.

      Sure, there are some who will need esoteric features of the full Reader client but it cuts out the vector for a huge majority of users.

    • Why did you even install it in the first place?
      Flash is required for youtube and other sites.
      Whyever would you need Acrobat?

  • That Adobe makes such software that it welcomes other people disabling it.
  • Safari 5.1.7 is installed AFTER upgrading the OS to 10.7.4. The ~400MB delta or ~1.3GB combo updates applied thru Software Update (700MB delta / 1.55GB combo if downloaded as standalone updaters) bring Safari to 5.1.6 and patch a slew of other pending issues. Then you can run Software Update again and install the ~35MB Safari 5.1.7 update.

    As for the disabling of vulnerable versions of third-party software, worth noting that a couple of weeks back during the FlashBack Trojan affaire, after installing the sec

  • This is probably good as Adobe seems to "patch" or provide "updates" to their product every 2 hours or so.
  • by Corson ( 746347 ) on Thursday May 10, 2012 @12:45PM (#39957111)
    This is an issue that all non-OS applications have: how to get and install updates in a timely manner? Firefox checks for updates upon launch; drawback: annoyance for user as this results in an apparent slow launch. Google installs an update service; drawback: many users will disable this service due to the perception that it could slow down the entire system. Adobe Flash Player is a "system plugin" with its own update tool that runs at boot time; drawback: it requires user interaction, thus it is annoying. RealPlayer creates update tasks in the TaskManager; drawback: some users will disable them as they could increase boot/login time and/or are perceived as intrusive/spyware. The only acceptable solution is a system-wide update system, the way it works on Linux but without any user interaction; or updates delivered for all installed applications via Windows Update on Windows (which Microsoft is unlikely to accept).
    • The only acceptable solution is a system-wide update system, the way it works on Linux but without any user interaction; or updates delivered for all installed applications via Windows Update on Windows (which Microsoft is unlikely to accept).

      As long as it is optional. I see no reason to force user to upgrade anything on their system. Also, the OS could simply have a tool that programs can register with at install. That one tool would then regularly check for all registered programs. It doesn't have to be a single repository of software just a single communication standard.

    • This is an issue that all non-OS applications have: how to get and install updates in a timely manner? Firefox checks for updates upon launch; drawback: annoyance for user as this results in an apparent slow launch. Google installs an update service; drawback: many users will disable this service due to the perception that it could slow down the entire system. Adobe Flash Player is a "system plugin" with its own update tool that runs at boot time; drawback: it requires user interaction, thus it is annoying. RealPlayer creates update tasks in the TaskManager; drawback: some users will disable them as they could increase boot/login time and/or are perceived as intrusive/spyware. The only acceptable solution is a system-wide update system, the way it works on Linux but without any user interaction; or updates delivered for all installed applications via Windows Update on Windows (which Microsoft is unlikely to accept).

      The difficulty with some of these (granted, never had this issue with flash) is legacy support. Some businesses run specialized software that is occasionally broken by software updates. My personal experience with this has been JRE updates that break an app, until a couple of releases down the line fix the issue, but others have seen this with Firefox as well. When this happens, users begin to equate "updates" with "broken apps" and then put them off, if not avoiding them forever. While this isn't an excuse,

    • Most GNU/Linux and BSD derivatives do this.
      MS doesn't because they don't want people to use IE, WMP, MS Office, etc. As long as they don't provide the means for third parties to install/update software, they can control what average joe installs/runs. And it contributes to keep third party software out-of-date, which makes the software look bad as well, hence, point for MS (from the average user's PoV).

  • I understand not offering support or having an important sounding warning but why make it mandatory? I tend to keep my software updated but what if I didn't want to update my software? Why should Apple or any company be able to come in and make changes to my system without me first either giving them permission or setting the computer/software to auto-update?

  • Seriously, the gaping security holes in their products make me think they have to be consciously designing them that way.
  • when it means Safari?

  • Yeah, go for it.
    paying for security patches is the way to go.
