Microsoft’s Silverlight: The next plugin Apple will be blocking

“So by shear accident, I was in Windows 7 via Boot Camp today. I decided to run updates and actually look at what was being updated,” brunerd reports.

“I noticed there was a new Silverlight update, 5.1.20125.0, speak of the devil, in my XProtect Plugin Checker post, not long ago, I speculate when Silverlight will be blocked by Apple because of a security update,” brunerd reports. “Security bulletin MS13-022 explains the critical nature of this for Windows and Mac, if you want to see an MS engineer tell you it’s Priority 1 this month you can visit the Microsoft March 2013 security update page. You’ll need Silverlight to watch the video, but don’t worry it won’t give you prompt you to update. Neither does Netflix. Apparently Microsoft haven’t pulled the trigger to alert users with old Silverlight plugins!”

“Now, what happens when I visit a Silverlight page in Safari?” brunerd wonders. “Boom, blocked. Aha! This mechanism is quite extensible to whatever plugin Apple deems insecure.”

Much more in the full article here.

25 Comments

  1. No big deal Microsoft has put silverlight on life support anyway. Version 5 is it. There will be no more feature releases because they discontinued it.

  2. Silverlight is still the only way to use Netflix on a Mac. They have made native apps for basically every other computer platform on the planet – Netflix needs to make a native OS X app already.

      1. Define “native Mac app”. You mean you want it to run outside of the browser, installed in the Applications folder? Does any streaming service do that?

        But yeah, I’m all for Netflix ditching Silverlight. Unless they’re complete idiots, they must be working on it, given that Microsoft has indicated they’re sunsetting the software.

        ——RM

    1. Good for all.

      One did not need to be a guru to figure out that silver thing would not fly or last long.

      I did cancel my Netflix (about six months ago) because they would stop processing the prepaid debit card that had been ok for some months but, I would say Netflix was fairly ok.

      I remember trying to watch it through my iMac, right after becoming a subscriber, only to hit the wall with a very annoying and disappointing message “you need silverlight”…. What!!?? Then I just closed the browser. Ha!

    1. Could be. brunerd prides himself on his curls, and combing through his article reveals a programmer’s fastidiousness, despite a laid-back style. The plug-in itself hardly qualifies as a hair-raising security risk, especially as its use has dwindled. The bald fact is, Microsoft doesn’t want users scratching their heads over it; these days, it’s Apple with the hair trigger, alert for the slightest sign of dandruff or scabies.

      1. Shear.. heh… oops… it was a late night blog run, ain’t nobody got time for spellcheck! Yeah, I used to have the ‘caricature hair’ as my banner graphic… anyway replaced with Mies van Der Rohe buildings in winter, looks more techie.
        Anyway, as for the flaw, the saving grace is that it was privately disclosed to MS rather than published so that buys some time before an exploit is in the wild, but now researchers (and others) will be looking for the hole and perhaps find others. It’s no different than the flaws in Flash or Java that enabled code to silently load and execute. Imagine it being used in a ‘watering hole’ attack where a legit site is compromised (imagine imdb.com since movie lovers are most likely Netflix watchers too) and the thought could make one’s hair stand on end 🙂

  3. Okay, so the article is about how this paranoid hacker set up his own Mac to block old versions of Silverlight from Safari. Good for him, I guess. Me, I’m not going to worry about it. I sincerely doubt hackers are wasting time filling the web with malicious Silverlight content, when Flash and Java provide much bigger targets.

    Reading what MDN quoted above, it looked like Apple had chosen to block Silverlight altogether.

    ——RM

    1. Heh, not paranoid, just a Mac SysAdmin who takes his users’ security seriously. Blocking Silverlight via XProtect was a way to test what would happen when/if Apple does this and when you’ve got a few hundred Macs you are responsilble for its nice to know what to expect when Apple turns out the lights on a plugin! Lots of Netflix subscribers who have Macs have this installed and the vulnerability can be expoited silently via malicious banner ads, so it’s kind of a big deal. But no, Apple hasn’t blocked it yet, but they’d be wise to. Microsoft should be alerting current Silverlight users with an out-of-date popup everytime they load Silverlight content until they patch themselves. And Netflix should move away from Silverlight already!

      1. Silverlight in banner ads? Is that really a thing? I mean, I know Flash is used in banner ads, but everyone has that.

        With AdBlock, I’m not worried about banner ads.

        But yeah, Netflix would be stupid to continue to use Silverlight to deliver their content. Betting your business on a piece of software Microsoft isn’t even interested in anymore is not a wise move. Unless Netflix is run by complete morons, you gotta believe they’re working on a replacement.

        However, until they do, Netflix is a huge reason why Apple probably can’t just block Silverlight altogether like they did with Java. Blocking Java affects a few nerds and technical users. Blocking Netflix affects, well, everybody.

        ——RM

        1. Actually it affects schools, Ever hear of Pearson? The biggest educational software and text book maker around, their flagship online product: successnet. Uses both java and flash.

  4. I think it was the Flip Player updater that tried to install Silverlight on my Mac a few times. The thing is, you might not notice this unless you went into the default installation pane and unchecked Silverlight.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.