“Apple has detailed the security issues patched by Mac OS X 10.6.5 and the corresponding Security Update 2010-007 for Mac OS X 10.5, indicating that more than half of the security vulnerabilities in Mac OS X actually affect the Adobe Flash plugin and X11,” Daniel Eran Dilger reports for AppleInsider.
“Of the 131 security vulnerabilities identified and patched by the latest Mac OS X update… the most security vulnerabilities by far are associated with the Adobe Flash plugin, with a whopping 55 issues listed, the ‘most serious of which may lead to arbitrary code execution,’ Apple reports in its Apple Product Security update,” Dilger reports.
Dilger reports, “This leaves little reason for wondering why Apple has worked to shed all third party platform code from its mobile iOS, including Java and Flash.”
Full article here.
[Thanks to MacDailyNews Reader “James W.” for the heads up.]
Did you expect anything different?
one thing it is hard to impart to people is that even tho their windows box has a faster processor and more ram than whatever mac- the mac isn’t running bloated BS such as AV, windows bloat, and god knows what else in their startup folder/script (of which adobe loves to install by default funny enough). A mac can run faster than a windows with half the hardware stats.
Adobe Flash, a hackers best friend.
Can someone tell me why, if OS X is supposed to be so superior, that a little program like Flash can be so hazardous to the whole system?!?!?
flash is software. so is any virus or worm. I’m not saying flash is a virus (chuckle) but by virtue of an admin installing and verifying the software he is installing (such as flash) you give that software a lot of power to do things on your mac. and if the software you gave control to is looser than a drunk ho bag at mardi gras… well.. get it?
@concerneduser
Flash is hazardous to EVERYONE. OS X is the only one whose developers seem to care, is all.
ConcernedUser, if you load a application and run it for the first time, you get an OS X prompt asking if you are sure about that application. After it is in your Mac and run once, no more prompts. So, I assume if the application can be manipulated to do something by a downloaded file, it already had your approval to do it. So, you get hacked by a file that is using a program you said could have open access.
If Adobe doesn’t controlled what a hacker may do, than you are screwed. Adobe keeps leaving the back door and most of the windows open and is to stupid to care about it.
At ConcerndUser:
Think of UNIX, of which OS X is a “flavor”, as an operating system designed early on to provide a “shield” around your computer to provide security in a networked environment.
Now think of installing poorly designed software such as Flash, as like throwing a bomb at that shield. Why would you want to do that?
Is netflix’s queue flash-based? It’s slow and buggy. Anyone know?
Twitpick:
Netflix is based on Silverlight…. ick….
@ConcernedUser
You’re an idiot. Someday someone will come up with a patch to fix stupidity, until then there will always be ignorant people blaming the OS makers for problems that users have created.
You can’t fix stupid.
Flash = weakest link
Apple is all about having a great user experience, free of any hassles, or problems, on a device that just works. If you start to have problems, because of some bad software that they didn’t even write, Apple will get all the blame.
@ConcernedUser
You asked how “a little program like Flash” can be hazardous to the entire OS. Seriously? Do you really think the size of a program makes any difference at all to the potential harm it can cause? This sounds like play-ground logic where the biggest kid always wins.
You may have noticed that there are many different diseases that are so small you can see them – but they sure can kill you. Same with an OS. Please think a little more clearly before posting.
Maybe OS X is faster than Windows XP/7 for CPU intensive tasks… but for 3D rendering and gaming, Windows PC’s are vastly superior.
Go check out any number of benchmarks running a native OS X game versus the same machine in Boot Camp/Windows mode running the same game, and Windows is always much faster.
This is even true for all the newest Valve games, where they spent a lot of time trying to make the OS X version as fast as the Windows version, but can’t. This is mostly due to Graphics Drivers, which are faster and more mature on the Windows platform.
That being said, Valve did state that Team Fortess 2 crashes 1/10 as much on OS X versus Windows, so at least it’s more stable if nothing else.
…how “a little program like Flash” can be hazardous to the entire OS…?
Actually it IS Apple’s fault.
First off Apple ALLOWED third party software to use the Administrative Password for installs of their software, when with earlier versions of OS X it was a simple matter of drag and drop into the Applications folder.
Using the Admin Password is giving root access to OS X (using the sudo, aka “super user do” command). Therefore third party software could do whatever to whomever and even access any file on the drive.
But maliciousness aside, ANY vulnerability in a root level installed third party software also usually gives root access to OS X.
If the NSA wanted to hack your machine and couldn’t get permission from Apple, they could go to Google (installs a auto-updater with Google Earth) or they could go to Microsoft (if you use Office or Silverlight) or any third party program your using that was installed with Admin Password. Heck with Adobe their stuff is so messed up that the NSA wouldn’t need permission, just use one of the freely available exploits.
OS X should have it’s very own password, only used for Software Updates and vital core Apple Software. Not for everyone and everything else.
Apple trusted third party software makers with root level access to OS X and that was a mistake.
The MacAppStore isn’t a solution, sand boxing applications from OS X is.
Interesting that the last two posts are next to each other, since they answer each other.
Apple gives third party software root access so that hardware acceleration is possible, but thereby opens up the possibility for new exploits. Oh, well. Choose your poison.
Actually, I believe the Netflix Queue is based on JavaScript (probably jQuery), as is the entire site. The Instant Watch Movie Player is based on Silverlight.
You are a F$CKING A$$HOLE!!!
Dude asks a serious question and what you have to offer is “You’re an idiot!”
F$CK YOU YOU WORTHLESS PIECE OF $HIT
I don’t care if I get blocked from the site,
Did you ever stop, for even a brief moment, to consider that the guy asking the question was geniunely interested in why Flash is such a problem?
Did you stop to think that, perhaps, “little” was not to be taken literally to mean a small program?
No. Of course you didn’t. Because you’re like every other prick who DOES know these answers and you take on some sort of superiority complex.
You’re almost as bad as dude who just straight up called the guy and idiot. You’re just a more diplomatic a$$hole.
@everyone pissed at me
ConcernedUser said:
“Can someone tell me why, if OS X is supposed to be so superior, that a little program like Flash can be so hazardous to the whole system?!?!?”
You can live in freakin’ Fort Knox, but if you leave the keys on the doorstep and put signs up every where inviting all to come in and look around, it ain’t so secure.
Unless you can remove the user completely from the equation, a system will never be perfectly secure. But of course that would take the “personal” out of personal computer wouldn’t it?
Wow someone needs to switch to decaf.
Switch to decaf might work.
Those guys being a little more helpful, and not so snobby, might also be an approach.