Posted by: David Harley | June 16, 2010

Apple and Adobe: Kitchen (Out of) Synch Drama

[Correction: there was a typo below. It was supposed to read "...it appears that the OS X v10.6.4 update does not downgrade users..." Clearly I need to be more careful about proofreading. Many thanks to Wiebke Lips for pointing it out (comment will be approved any moment now).]

Apple security update 2010-004/Mac OS X 10.6.4, just released, includes  mitigation for 28 security vulnerabilities, as well as including the latest Safari 5 release. (This in itself addresses 48 security vulnerabilities.) So far, so good: well, maybe I’ll reserve judgement until it finishes downloading on my MacBook, but updates don’t usually cause me hassle.

(See also “Apple Patches Critical Mac OS X Security Flaws” by Ryan Naraine.)

 There is a less obvious problem in this case, though. According to an Adobe bulletin, the OS X update includes an earlier version of Adobe Flash Player (version 10.0.45.2) than is available from Adobe.com, which recommends that users stick with the latest “most secure” version of Flash Player (10.1.53.64).

However, unlike a previous occasion, it appears that the OS X v10.6.4 update does not downgrade users who have already upgraded to Adobe Flash Player 10.1.

[Additional comment from Warwick Ashford at Computer Weekly: http://www.computerweekly.com/Articles/2010/06/16/241616/Latest-Mac-OS-X-version-still-needs-Adobe-update.htm]

David Harley CITP FBCS CISSP
Mac Virus Administrator
Small Blue-Green World
AVIEN Chief Operations Officer

Also blogging at:
http://avien.net/blog/
http://smallbluegreenblog.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/
http://dharley.wordpress.com
http://chainmailcheck.wordpress.com
http://amtso.wordpress.com

http://wp.me/pL5CO-8B

About these ads

Responses

  1. [...] So I said here: [...]

  2. [However, unlike a previous occasion, it appears that the OS X v10.6.4 update downgrade users who have already upgraded to Adobe Flash Player 10.1.]

    This should not be the case. In the testing we have conducted on our end, it appears that Mac OS X v10.6.4 update does NOT downgrade users who have already upgraded to Adobe Flash Player 10.1. We still recommend, however, users double-check, just in case. To verify the Adobe Flash Player version number installed on your system (after applying the Mac OS X security update), access the About Flash Player page at http://www.adobe.com/software/flash/about/, or right-click on content running in Flash Player and select “About Adobe Flash Player” from the menu.

    If you use multiple browsers, checking on any one browser will verify the update for all browsers on Macintosh systems (on Windows, perform the check for each browser you have installed on your system).


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

Follow

Get every new post delivered to your Inbox.

Join 37 other followers

%d bloggers like this: