Apple today confirmed that it is updating its web plug-in blocking mechanism in OS X to disable all versions of Adobe Flash Player prior to the most recent, which is version 220.127.116.11. On older systems, all versions of Flash prior to 18.104.22.1681 are blocked.
Apple notes on its Support page that if you must run an older version of Flash in Safari, you can do so by using the Internet plug-in management option in the browser. With this option, you can choose to run the Flash Player plug-in in unsafe mode on websites that you trust.
Apple cites security issues as its reason for blocking old versions of Adobe Flash:
Due to security issues in older versions, Apple has updated the web plug-in blocking mechanism to disable all versions prior to Flash Player 22.214.171.124 and 126.96.36.1991.
This isn’t the first time Apple has taken steps to block potentially insecure versions of Adobe Flash on its machines. Last summer, Apple pulled a similar move and blocked all outdated versions of Adobe Flash in Safari due to similar vulnerabilities.
The most recent version of Flash Player is available on Adobe’s website.
Apple today released Xcode 6.3.1 with bug fixes. According to the release notes, the release includes fixes for debugging, Interface Builder, and Playgrounds. The update is available via the Mac App Store and on the Mac developer center. Xcode 6.3 was released earlier this year with significant enhancements to Swift and the Xcode application.
A former NSA staffer says that the OS X 10.10.3 update, which Apple claims fixed a significant security vulnerability, has failed to do so, reports Forbes. Patrick Wardle, who now heads up research at security firm Synack, demonstrated the vulnerability in a video, without revealing exactly how it was done, to allow Apple time to issue a further fix.
The Rootpipe vulnerability allows an attacker with local access to a Mac to escalate their privileges to root – allowing them full control of the machine – without further authentication. A second security researcher confirmed the flaw …
Wardle said the exploit he used was “novel yet trivial,” while security researcher Pedro Vilaça said that the fix attempted in OS X 10.10.3 was doomed from the start since there were “a tonne of ways to bypass it.”
Wardle added that he had resisted the temptation to use the exploit on display models at an Apple Store, and had passed full details to Apple.
It was reported earlier today that around 1,500 iOS apps are vulnerable to man-in-the-middle attacks thanks to their use of buggy open-source networking code.
Apple today seeded the first developer build of OS X 10.10.4 Yosemite to testers. The build is labeled 14E7f and follows today’s supplemental update of OS X 10.10.3 and the first developer beta of iOS 8.4 which includes a brand new Music app and iTunes Radio experience.
Today’s release appears to only be available to registered developers and AppleSeed testers; public beta versions of OS X tend to follow in subsequent build releases. For registered developers and AppleSeed members with the Configuration Utility installed, the pre-release software update should be available through the Mac App Store. Apple says the update focuses on “stability, compatibility, and security of your Mac.”