Apple Blocks Older Versions Of Flash With XProtect
March 4, 2013

Apple Blocks Old Adobe Flash Player Despite Patch

Michael Harper for — Your Universe Online

Just over one month ago and amidst ongoing security flaws, Apple updated their XProtect security settings to block older versions of Oracle´s Java. On Friday, amidst similar security issues with Adobe´s software — a platform with which Apple has had several fights before – Apple announced that they had begun to block older versions of Flash as well.

There is already a fix for these security flaws available from Adobe, but older versions of the plug-in were being actively targeted, placing many Macs in danger of an exploit. Adobe updated their software for the third time in a month after they discovered three more active exploits in the wild, two of which were actively targeting Mozilla´s Firefox browser.

Apple announced their decision in a support document, saying only: “To help protect users from a recent vulnerability, Apple has updated the web plug-in-blocking mechanism to disable older versions of the web plug-in: Adobe Flash Player.”

This change will affect users running OS X Mountain Lion, Lion and Snow Leopard. Any user with one of these operating systems who hasn´t downloaded the latest version of Flash (version 11.6.602.171) may see a pop-up window directing them to download the latest version whenever they try to access any Flash content. Users may also have this flash content grayed out with the words “Blocked Plug-in” whenever they access such Flash content.

As Flash is a popular way to deliver content on the web, many hackers develop malicious code to take advantage of any vulnerabilities. This isn´t the first time Apple has had to block Flash, either.

When Adobe released patches to fix similar exploits, Apple responded by blocking all older versions of the software, encouraging all Flash users to download the latest patch. Apple uses their XProtect system to block these out-of-date and dangerous platforms. This system works by making sure each plug-in is up-to-date and secure. These plug-ins are checked daily to ensure their safety and reliability. Just as seen with Flash and Java, this service will begin actively blocking any plug-in which is found to leave a user´s computer open to attacks.

This service was first launched in 2009 with Snow Leopard. Originally users updated the system manually, but as threats against OS X continued to grow, such as the Flashback trojan last year, Apple began automatically updating XProtect on a daily basis.

Though not as vulnerable as Java, users running Flash do run the risk of exploits and will experience reduced battery life and slower overall performance. Loved and Loathed Apple pundit John Gruber has even explained how to disable the plug-in and live a Flash free life.