Again, because we're not talking about an update. We're talking about an OS reinstall. They would have to leave Safari alone also, because the Flash install targets the browser and version. That's essentially untenable, especially when the vulnerability we're talking about requires the user to go far, far out of their way to trigger. There has not been a single report of this exploit hitting an unwitting victim.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Snow Leopard Installation Downgrades Flash Player to Vulnerable Version
- Thread starter MacRumors
- Start date
- Sort by reaction score
Again, because we're not talking about an update. We're talking about an OS reinstall. They would have to leave Safari alone also, because the Flash install targets the browser and version. That's essentially untenable, especially when the vulnerability we're talking about requires the user to go far, far out of their way to trigger. There has not been a single report of this exploit hitting an unwitting victim.
Some of you sheep know nothing about software, responsibility to users, or evaluating risk in the bigger picture.
Most troublesome upgrade ever
There may be behind the scenes benefits. The upgrade took me about 18 hours, and I ended up having to nuke my startup disk, recreate it, restore from backup (you know now long that takes?) update that, and then deal with the things that SL broke, including:
Appletalk: gone. Trusty appletalk printer now unusable
mysql: SL breaks it, and you have to start over from scratch. Pray that you don't have irreplaceable data.
I haven't gotten to PHP and other things yet.
There may be behind the scenes benefits. The upgrade took me about 18 hours, and I ended up having to nuke my startup disk, recreate it, restore from backup (you know now long that takes?) update that, and then deal with the things that SL broke, including:
Appletalk: gone. Trusty appletalk printer now unusable
mysql: SL breaks it, and you have to start over from scratch. Pray that you don't have irreplaceable data.
I haven't gotten to PHP and other things yet.
Thank you. So simple a concept, but because it's Apple doing it, it's cool for some of these people. The same people who would gnash their teeth and tell you how much Microsoft sucked if their new OS downgraded software. Call a spade a spade, folks.
- For PowerPoint I guess you have to wait for an update that fixes compatibility with Snow Leopard. Many other companies are issuing Snow Leopard compatibility updates as a matter of fact.
- No random shutdown on my yet poor little Mac Mini
- No problem accessing my local network with Windows machines
- Illustrator: see first point
Try reinstalling. I did a clean install on my machine but a simple upgrade works very well. Your Mac Pro deserves and cries for Snow Leopard, so don't throw the towel. Be positive, life is great ;-)
Well, yes. I do expect Apple to work with Adobe to address the issue. I don't understand why people feel that it's unreasonable to expect Apple to take responsibility for their OS's security.
I would prefer that Flash not have been installed in the first place, but since it's there, here are some actions that Apple could take:
Apple could issue an update to disable the old version, forcing the user to manually update.
Apple could have Safari issue a warning a launch that Flash is out of date and is putting the machine at risk. Redirect the user to the Flash download page.
Or (God Forbid) maybe even talk to the product manager at Adobe to obtain the rights to push a secure version.
Ugh, wtf? "The Snow Leopard Installer" didn't do it. The user did it. If you don't expect that an OS reinstall will set the software that it includes to a certain tested baseline that in some cases may be a "downgrade" from certain of your most recent updates... well, that's sad for you, but it's YOUR PROBLEM. You installed it, and you unfortunately have totally unreasonable expectations.
It'd be nice if the Flash plugin were sane like every other internet software in existence and took responsibility for its own security updates, but since it doesn't, your beef is with Adobe. Not Apple.
And every installation of Windows, along with every other OS ever made in history, does this. Sorry to break it to you. It's just a fact of life until someone comes up with something better.
It is secure, inasmuch as they can control in this instance. Do you know what the vulnerability in question is?
Oh, my god. Breaking a single piece of third-party software intentionally? Aside from totally pissing off users, it's a surety that this would break their licensing agreement with Adobe, and possibly break the law.
This would be nice, if there were a non-onerous, reliable way to do it. I don't know that there is (or that there isn't).
I'm sure they have. What happened is that, for reasons that nobody knows (probably hung up with the lawyers as usual), that approval wasn't ready when SL was (the Flash update was still quite new when SL hit its release build). Not surprisingly, Apple decided that pushing back the ship date on their new OS over a vulnerability that has not affected a single person in the wild wasn't a good decision.
Your explanations make sense, and I don't want to imply that they don't. But even something this insignificant lends support to the beta testers who said for weeks that Snow Leopard was not ready for release and needed more work. I tend to agree with them.
No big deal here. Just go to adobe's website, right-click (or control click) on the animation on the front page, and select About. It will redirect you to another page where you can see the version installed.
Just go back if you don't have the latest version, download and install it. Takes 2 minutes. Restart your browser and done.
I don't see what the big fuss is about.
Just go back if you don't have the latest version, download and install it. Takes 2 minutes. Restart your browser and done.
I don't see what the big fuss is about.
That this is looking more and more like a release that was not ready for mass consumption? Yes. As I've said before, I'm considering myself extremely lucky to have run across the relatively few issues I've had with Snow Leopard so far, based on the number of gripes from friends of mine and folks here on these forums.
I have some sympathy for that, but you can't expect a company to hold up the release of a flagship product while lawyers dicker over the conditions to distribute a third-party update for a vulnerability that, again, hasn't affected a single person in the wild.
That context is critical. If this were a vulnerability that was being actively exploited I would absolutely agree that Apple has a responsibility to be far more proactive. But that isn't the case. It's a vulnerability that has not been reported to have hit a single unsuspecting user, because you have to go so far out of your way to activate it.
It's really not a big deal.
I'm not about to get all cooked over a Flash update.
Adobe has released updated Mac, Windows and Linux distributions of Flash Player, bringing old and new editions of the software up to v9.0.246.0 and v10.0.32.18, respectively. Matching these are v9.1.3 releases of Reader and Acrobat. Some 12 Flash vulnerabilities are said to have been closed in Adobe software, 10 of which could be used to assume full or partial control of a computer. ( See: http://www.macnn.com/articles/09/07/31/adobe.fixes.12.flash.bugs/)
Yeah, not a big deal at all. [/sarc]
Unfortunately, when you're talking about something like an OS it's never "ready for mass consumption" on the first release. But, if you don't release it and expose it to the wide variety of user environments that flush out those bugs, it never will be.
It's a chicken and egg that we have no answer for, so we live with it and early adopters should know what they're getting.
As another member posted in reply to you, no it's not. Flash, imho, is terrible and I've hated it for 10 years (7 years more than I've owned a Mac for). Adobe, because Macromedia have been defunct for 4 years now.. so I'm not sure why you keep mentioning them, are the ones responsible for providing a stable release on an OS, not Apple. If they can't do it due to an OS reason they should challenge Apple.. if it goes ignored, clearly inform the public until something is done about it. Releasing a half arsed product that is hated by a considerable amount of people doesn't help anyone.
(Even if it ran brilliantly, I'd still disable it as except for video delivery and the odd web game, as mentioned above... I hate it.)
With regards to this downgrade, has it been listed what vulnerabilities there are in this version and whether it affects 10.6 users? It's a bad move on Apple's behalf to not have a checker ensure that a newer version wasn't overwritten, no doubt. How many people were using a new version tho, as Flash doesn't automatically update itself from what I've noticed.
I read your reply pretty thoroughly. I apologize to have not informed myself so throughly about Apples Third Party Licensing issues than you.
Yes, and I am pretty ignorant about it, as long as it 'just works'.
(Just noticed: according to your link, Flash should have never been installed in the first place)
So my question is: How, as an Apple-User, am I to know that I have one piece of software on my computer that I need to update myself? Has Apple EVER informed me about this fact?
And I do not care about their licensing issues. If they can not resolve them, they should stop installing this stuff. What else might there be in hiding?
This is another argument I have some sympathy for. Apple could say "Hey, Flash is dumb so you'll need to update it yourself", but I have to think that will only make their issues with Adobe worse. And yeah, not installing it at all would probably be the "right" thing to do, but it just isn't realistic in this era. Flash is mostly used for ****** banner ads, but the one thing almost everyone uses that needs it is YouTube. If YouTube "didn't work" on a Mac, it'd be doomsday.
The bottom line is that Apple is trying to figure out the best line they can here in a crap situation. Adobe are the creators and owners of Flash. It is their responsibility. If they can't figure out a sane way to keep it updated for its own security, they are the proper target of anger.