Apple has confirmed that it has blocked old versions of Adobe’s Flash Player plug-in in the Safari browser. The block is due to a flaw which allows hackers to exploit data from the browser.
It is a sensible security move; Windows and Linux builds of Flash have also been hit by the bug. However, an updated support document seemed to think it was a little controversial. Apple felt it was playing the role of a proactive party, after the recent discovery of a Flash vulnerability, by restricting access to the plug-in in its Safari web browser.
Safari users who are still running out-of-date plug-ins will see a message reading “Blocked plug-in,” “Flash Security Alert” or “Flash out-of-date” whenever they attempt to access Flash content in Safari. Clicking the alert opens Adobe’s Flash installer page, where you can download and install the latest plug-in.
Clearly whoever thought of that idea did not realise that it was mimicking a standard attack vector for malware adverts, which often tell you that your Adobe plug-in is out of date and invite you to download all sorts of malware instead of a new one. Apple would have done better to upgrade the plug-in automatically itself, but that would have meant acknowledging that users were disobeying Steve Jobs’ command and had installed a Flash Player.
Adobe claims that this particular flaw can be found in Flash Player for Mac version 220.127.116.11 and earlier, and the company has since advised Mac users to update in order to bring the version number up to 18.104.22.168.