Snow Leopard Installation Downgrades Flash Player to Vulnerable Version

[Morod]

Prints fine for me

I updated the Flash player plug-in about 10 minutes ago and just tried printing this Safari page. It worked fine for me. Using SL with a Canon Pixma iP4300 printer.

 

[coleridge78]

Hello? Anybody home?
How does Apple normally update software installed on Mac's?
I never installed Flash myself. It came pre-installed as part of the OS by Apple.

I guess it is similar to the Java issue. They choose to run their own builds that are a number of versions behind everybody else.

No wonder that Apple computers are the firsts that get cracked at those 'Hacker-contests'...

You have no idea what you're talking about. The Java and Flash situations are totally different, with different ownership, licensing, and technical issues, and having nothing to do with each other. I'm not going to get into the issues with Java on the Mac, because it's irrelevant.

Apple normally updates only their own software on Macs. They do not have the ability, or in many cases legal rights, to reliably update third-party software. Any software that is internet-aware and thus may have wider security issues absolutely MUST have it's own updating facility in this day and age. The fact that Flash doesn't should be the real scandal here.

I'd also like to point out that the vulnerability addressed in that upgrade may be a moot point anyway. It has to do with flash content embedded in PDFs--the default PDF reader in OS X, Preview, ignores this bogus content (because it's brand-new, and nobody has ever used it except for transmitting viruses). If you're using something else, like, say, a full version of Acrobat, then you either have the necessary updates in there already courtesy of Adobe, or you have nobody to blame but yourself.

 

[mBox]

In my view this is a minor issue as it's really up to the end user to ensure that they have the latest patched versions of third-party software.

Too funny when in the other world (Windows), this would be a common issue from home to Enterprise

 

[coleridge78]

Funny how I only hear Mac users complaining about Flash. It's a very Mac-ish, chic and elite thing to complain about Flash I suppose. And don't flatter yourself by saying that you are more technically inclined than Windows and Linux users, it'd just be sad.

Have you ever used Flash on a Mac?

Didn't think so.

Mac users aren't saying Flash, as it is on Windows, isn't good enough for them. Flash on OS X is an entirely separate beast, which Adobe doesn't bother to optimize because of a long-running feud. Its performance on Windows is orders of magnitude better than it is on OS X. Sadly, and for no good reason.

 

[nelmat]

However, there is a dispute between Apple and Macromedia, so that is the reason for Flash hogging a bit too much resources on the Mac. Flash in itself is a good product but you have really bought into Apple's campaign of making Macromedia and Flash look bad.

Lol - who are macromedia? Adobe bought the company out more than a short while ago - this is an adobe product. And as far as "there is a dispute between Apple and Macromedia, so that is the reason for Flash hogging a bit too much resources on the Mac." What a lot of utter rubbish. Adobe and Apple don't get on, so Adobe go out of their way to make a browser plug-in run like a piece of rubbish?

 

[diamond.g]

Have you ever used Flash on a Mac?

Didn't think so.

Mac users aren't say Flash, as it is on Windows, isn't good enough for them. Flash on OS X is an entirely separate beast, which Adobe doesn't bother to optimize because of a long-running feud. Its performance on Windows is orders of magnitude than it is on OS X. Sadly, and for no good reason.

If that was the case then shouldn't Apple just not include flash as apart of the OS install?

 

[coleridge78]

Lol - who are macromedia? Adobe bought the company out more than a short while ago - this is an adobe product. And as far as "there is a dispute between Apple and Macromedia, so that is the reason for Flash hogging a bit too much resources on the Mac." What a lot of utter rubbish. Adobe and Apple don't get on, so Adobe go out of their way to make a browser plug-in run like a piece of rubbish?

They don't go out of their way, they just don't optimize.

 

[coleridge78]

If that was the case then shouldn't Apple just not include flash as apart of the OS install?

They're trying to be pragmatic. If it weren't there, then everything on the internet and Microsoft's TV commercials would be:

"Macs can't even play YouTube out of the box! hahaha OMG FAILZER!"

So, you gotta do what you can. The real world is a pain in the ass sometimes.

 

[vanka74]

I updated the Flash player plug-in about 10 minutes ago and just tried printing this Safari page. It worked fine for me. Using SL with a Canon Pixma iP4300 printer.

Really? I have two printers (epson and an HP). I did have to reinstall drivers when I upgraded to snow leopard but after that, it printed perfectly. I know this because i printed my tickets yesterday.

This morning, I read this article, upgrade Flash because it seemed harmless. Now, Safari is acting weird and I still can't print. I select print and nothing happens (no print dialogue box)...and, I can no longer control the contents on the webpage (scroll...click...etc). I have to quit and it lets me. I'm using a macbook pro 15" intel core 2 duo.

 

[Detektiv-Pinky]

You have no idea what you're talking about. The Java and Flash situations are totally different, with different ownership, licensing, and technical issues, and having nothing to do with each other. I'm not going to get into the issues with Java on the Mac, because it's irrelevant.

Apple normally updates only their own software on Macs. They do not have the ability, or in many cases legal rights, to reliably update third-party software. Any software that is internet-aware and thus may have wider security issues absolutely MUST have it's own updating facility in this day and age. The fact that Flash doesn't should be the real scandal here.

I'd also like to point out that the vulnerability addressed in that upgrade may be a moot point anyway. It has to do with flash content embedded in PDFs--the default PDF reader in OS X, Preview, ignores this bogus content (because it's brand-new, and nobody has ever used it except for transmitting viruses). If you're using something else, like, say, a full version of Acrobat, then you either have the necessary updates in there already courtesy of Adobe, or you have nobody to blame but yourself.

So can you please enlighten me why Apple is able to issue Java updates and not Flash-updates as part of their Software-Update procedure?

I would also be grateful for any information from Apples EULA that tells me that I have to update Flash myself, but for anything else on the OS I can rely on their Software-Updater, thank you very much.

By the way, because I am asking: Do you know of any other software shipped as part of the OS that I need to update manually?

 

[NAG]

If that was the case then shouldn't Apple just not include flash as apart of the OS install?

Until most internet video sites get off their rear and start using technologies that don't suck as bad as flash we're pretty much stuck with it.

And to the people that are crying fanboy whenever someone points out Flash is a resource hog, it's kind of like screaming fanboy when someone points out a pile of garbage kind of smells. Are you really defending garbage as having a wonderful smell?

 

[womble2k2]

Absolutely not. I purchased it along with a brand new Mac Pro. I was using Leopard for about a week until Snow came in. Nothing but beauty from Leopard, with Snow- nothing but problems.
-cannot access PowerPoint
-shuts down randomly and restarts
-cannot link with Network server adequately
-Illustrator does this weird graphics thing if I nudge an item

Individually nothing serious, but overall, sucks ass. DO NOT BUY SNOW LEOPARD.
At least til they figure out their issues.

I have a mid June 2009 15" MBP and just upgraded to SL.

Both PowerPoint 2004 and PowerPoint 2008 (and all Office 2004 / 2008 apps) work perfectly well.

No random shut down and restarts

No Network issues

Don't have illustrator, but all my other apps (Including Photoshop CS4 Extended) work perfectly.

I did not do a clean install and simply installed over Leopard.

Only issue I can find is that if I run Windows 7 in a VirtualBox environment, the DirectX 10 screensavers cause minor screen issues. Not sure if this is SL, VirtualBox or Windows 7.

I think you need to do further diagnostics. Start by opening console and checking what messages appear.

Phil

 

[err404]

Apple normally updates only their own software on Macs. They do not have the ability, or in many cases legal rights, to reliably update third-party software.

Well that sucks for Apple, but by including Flash they assume the responsibility for keeping it secure.
A user has not way of knowing what third party components are installed by the OS and have no obligation to search out fixes for apps they didn't install.

 

[Westside guy]

In my view this is a minor issue as it's really up to the end user to ensure that they have the latest patched versions of third-party software.

So the fact that the end user already did this, yet the Snow Leopard installer undid it is a "minor issue"? Tell me, after you've upgraded a vulnerable piece of software - do you continually go back and double-check that the specific upgrade wasn't somehow removed?

And no, keeping an eye out for new upgrades fixing new, different vulnerabilities does not count.

How is snow Leopard? Is it worth the upgrade?

Overall my Snow Leopard installation and experience so far has been pretty smooth - much closer to the 10.3 and 10.4 initial upgrade experience than to the rather problematic 10.5 one. This particular problem is a bit of a cock-up though.

I've only installed it on one of our computer's so far though - 2nd gen MacBook Air (1.83GHz, SSD drive). Will probably put it on one of the MacBook Pros this weekend.

 

[Macmel]

Sorry to say this, because I will have SL delivered to my place tomorrow, but the last two times a new OS was released (Tiger and Leopard) I was around and I did not see all the negative comments I'm seeing with SL.
Plus, SL almost did not bring anything new to the user (besides some technology that still has to be taken advantage of or that only works in the most recent computers or GPUs). Both Tiger and Leopard brought tones of new features and apart from minor bugs you always find in version .0, most people acknowleged the faster/more capable OS.
And this is just the last thing with Flash. Come on Apple! How can they make such a childish mistake. Something so obvious that it was going to be discovered the first week upon release. Doesn't matter if it's important or just a minor flaw: news all over the internet (specially windows biased places) are going to say: "New OS by Apple makes your computer more vulnerable" "New OS downgrades applications on install", etc. That is going to happen and Apple should have forseen that.
Now Idon't really know what to do. I ordered before I knew all this bugs people are reporting. Should I have known that, I wouldn't have ordered. But now, I don't know if it is a good idea to install it before .1

 

[iSamurai]

Okay - just tell us to hit the update button and that's all. it's obvious that an upgrade will overwrite most of the existing system files - and seeing that flash comes with the OS, one can consider it as part of the OS upgrade. Of course the disc is not burned and posted overnight - it's done weeks ago and the flash installation was packed even before that when they compiled the OS.

Why is the article written in such as way that the entire operating system seems flawed and that the world is going to end and we're all gonna die!? lol too sensational and melodramatic

 

[Westside guy]

Is the "latest" Flash version from Adobe Snow Leopard compatible? I remember when upgrading to Leopard you had to use the bundled version for some time until Adobe released a new one.

Yes, it works fine (on Firefox anyway).

 

[diamond.g]

Until most internet video sites get off their rear and start using technologies that don't suck as bad as flash we're pretty much stuck with it.

And to the people that are crying fanboy whenever someone points out Flash is a resource hog, it's kind of like screaming fanboy when someone points out a pile of garbage kind of smells. Are you really defending garbage as having a wonderful smell?

They're trying to be pragmatic. If it weren't there, then everything on the internet and Microsoft's TV commercials would be:

"Macs can't even play YouTube out of the box! hahaha OMG FAILZER!"

So, you gotta do what you can. The real world is a pain in the ass sometimes.

Does Windows include flash OOTB? I don't seem to recall that being the case. It has been a while since I have loaded Win7, but it appears to be updated with the latest version. I am not sure if that is due to the Adobe Updater that is installed or not. If it is then why isn't there a Mac version?

 

[coleridge78]

So can you please enlighten me why Apple is able issue Java updates and not Flash-updates as part of their Software-Update procedure?

Because Java has a different license, as I already said. You're not paying attention, which makes your attempt at condescension pretty ridiculous.

I would also be grateful for any information from Apples EULA that tells me that I have to update Flash myself, but for anything else on the OS I can rely on their Software-Updater, thank you very much.

What in the world are you talking about?

By the way, because I am asking. Do you know of any other software shipped as part of the OS that I need to update manually?

Thankfully, Apple has to ship a lot less proprietary third-party software with their OS than they used to. I am nearly positive that the Flash libraries and plugin are the only third-party software in recent versions of OS X that is too stupid to update itself as necessary. Apple does not update any third-party software unless it carries an open license, such as certain printer drivers. Java is a special case that's not relevant to any other software, as its a strange meld of both third-party packages with (somewhat) open licensing, and code from Apple themselves. Flash is strictly a third-party, proprietary package, whose license, incidentally, requires using their own installer for all installs and upgrades:

http://www.adobe.com/products/players/fpsh_distribution1.html

Apple CANNOT LEGALLY UPDATE FLASH THROUGH SOFTWARE UPDATE.

End of story.

 

[coleridge78]

Does Windows include flash OOTB? I don't seem to recall that being the case. It has been a while since I have loaded Win7, but it appears to be updated with the latest version. I am not sure if that is due to the Adobe Updater that is installed or not. If it is then why isn't there a Mac version?

Every install of Windows I've done has included Flash, but I'll admit that I haven't installed every variety of every version of Windows (and haven't touched 7 at all yet).

 

[Tommigun]

Adobe and Apple don't get on, so Adobe go out of their way to make a browser plug-in run like a piece of rubbish?

That's the general understanding, and what the guy above your post just said:
"Flash on OS X is an entirely separate beast, which Adobe doesn't bother to optimize because of a long-running feud. Its performance on Windows is orders of magnitude better than it is on OS X. Sadly, and for no good reason."

 

[jazman]

OMG, you mean I have to spend another 10 min to upgrade Flash? Say it ain't so.

 

[coleridge78]

Well that sucks for Apple, but by including Flash they assume the responsibility for keeping it secure.
A user has not way of knowing what third party components are installed by the OS and have no obligation to search out fixes for apps they didn't install.

You're right. And Apple is legally allowed to include Flash in the OS, but the license specifically disallows them from updating it. IE updates itself as necessary; Safari updates itself as necessary; Firefox updates itself as necessary; Unison, Transmit, Skype, on and on. Do you see a pattern emerging? Even if Apple were legally allowed to update Flash, they couldn't reliably do so without cooperation from Adobe, and Adobe is so f***ed that Flash is the *only popular internet-aware software in the universe* that doesn't keep on top of its own security updates. What do you expect Apple to do? Complain to Adobe.

And I'll repeat: the vulnerability we're talking about requires you to go out of your way to invoke it. It isn't passive. If Flash is sitting on your system but you don't deliberately use it to open malicious PDFs in Safari (something that will never happen by default), you are safe. Apple didn't leave a live grenade in there. You have to unlock the munition box and pull the pin, and if you do so, then what happens is between you and the maker of the grenade.

 

[Tommigun]

You're right. And Apple is legally allowed to include Flash in the OS, but the license specifically disallows them from updating it. IE updates itself as necessary; Safari updates itself as necessary; Firefox updates itself as necessary; Unison, Transmit, Skype, on and on. Do you see a pattern emerging? Even if Apple were legally allowed to update Flash, they couldn't reliably do so without cooperation from Adobe, and Adobe is so f***ed that Flash is the *only popular internet-aware software in the universe* that doesn't keep on top of its own security updates. What do you expect Apple to do? Complain to Adobe.

Why didn't the installer just check the version of the currently installed Flash player? If it's a higher version than the one bundled with the OS - don't touch it! BAM - problem solved!

 

[rwilliams]

big deal! I just updated to the latest version, didn't take more than 15 seconds.
It's not apples responsibility to make sure everyone is running with the latest version of this and that software, people should learn to update their crap themselves.

Some of you sheep will excuse anything that Apple does.