Apple's Users at High Risk After Snow Leopard Ships With Vulnerable Flash

From DailyTech: Increasingly, it is exploits of application vulnerabilities, not attacks on the OS itself, that are used to gain access to and control of modern operating systems. With Apple relenting and allowing more third-party software on its computers in a bid to appeal to a broader consumer market, it is finding it hard to maintain the image of security that its ads claim when its applications frequently develop exploitable vulnerabilities.

It was discovered this week that Apple's new operating system, OS X 10.6 "Snow Leopard", shipped with an outdated, vulnerable version of Flash -- 10.0.23.1. An upgrade to Snow Leopard downgrades Flash from the current version (10.0.32.18) without prompting the user, according to security firm Sophos.

In doing so, the new OS puts customers at risk, as the older version of Flash had several widely known vulnerabilities. Adobe is a popular target for hackers, with Flash, Acrobat and Reader (used for PDF -- Portable Document Format -- files) all being frequently used to attack systems.

In July alone, Adobe was forced to issue 12 updates for its Flash player -- updates that were included in the latest version of the player, but not in the version Snow Leopard shipped with. Ten of those vulnerabilities could be used to execute arbitrary code on the machine.
