Saturday, March 2, 2013
Apple blacklists older versions of Flash plugin due to security risk
Just as it did with some versions of Java, Apple has now blocked older versions of Adobe's Flash plugin to protect Mac users from security risks. In a new support document posted to its website on Friday, Apple explained that it has already updated its plugin blocking tool built into Safari—users don't need to lift a finger.
"To help protect users from a recent vulnerability, Apple has updated the web plug-in-blocking mechanism to disable older versions of the web plug-in: Adobe Flash Player," the company wrote.
Earlier this year, Apple blacklisted the latest version of Java—twice—due to security vulnerabilities. But Flash comes with its own security risks: Adobe issued an emergency Flash update earlier this month due to similar vulnerabilities on OS X and Windows, with another emergency update issued again three days ago. Like the Java holes, the Flash vulnerabilities allow remote attackers to surreptitiously install malware on vulnerable machines.
In order to block older versions of Flash, Apple has updated its "Xprotect.plist" file so that any versions that come before the current one (version 11.6.602.171) cannot be used on a Mac. Users who have older versions of Flash installed will be greeted with an alert that says "Blocked plug-in," and Safari will prompt the user to update to a newer version. If you want to check which version of Flash you have installed right now, you can go to Adobe's website to get the version number and perform an update if necessary.