Journalism is a trade rather than a profession, a bit like bricklaying
|
|
|
Apple used an old Flash Player in a security update
THE CAPPUCCINO COMPANY Apple has released a security update 2010-004 / Mac OS X v10.6.4.
Apple said this addressed vulnerabilities in Adobe Flash Player plug-ins. Its bulletin said, "Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to unauthorized cross-domain requests. The issues are addressed by updating the Flash Player plug-in to version 10.0.45.2."
However, no sooner had Apple released the security updates than Adobe came back with a tweet from Brad Arkin, its senior director of product security. He said, "10.6.4 update for Mac OS X includes Flash Player, but not the latest version. Please make sure your FP is updated."
He linked to the Adobe security blog, which proclaims that Apple is putting out an older version of Flash Player. "This update includes an earlier version of Adobe Flash Player (version 10.0.45.2) than available from Adobe.com," it complained.
It concluded, "While the Mac OS X v10.6.4 update does not appear to downgrade users who have already upgraded to Adobe Flash Player 10.1, Adobe recommends users verify they are using the latest, most secure version of Flash Player (10.1.53.64)."
Apple also released another security update called HT4220. That update was for Coloursync profile issues. µ
Share this:
Share
Googling gave me this twitter.com/WiebkeLipsAdobe
So it probably is. But is it pronounced, and does it affect communications?
;-)
Now we have Adobe employees posting !
I wonder if Apple employees are going to . . . oh, I forgot. His Jobsness has banned The Inq from everything Apple.
So they won't then.
There was no conspiracy theory at play, and nobody complained about anyone. The Adobe Flash Player 10.1 update was released on June 10, 2010, likely after the build for the Mac OS X 10.6.4 update was locked. However, as this article points out, Adobe had issued a a href="http://www.adobe.com/support/security/advisories/apsa10-01.html" security advisory /a on June 4 for a zero-day vulnerability in Flash Player 10.0.45.2 (the version included in the Mac OS X 10.6.4 update). Because a reference to the a href="http://www.adobe.com/support/security/bulletins/apsb10-14.html" Adobe security bulletin /a announcing a fix for this issue was not included in the a href="http://support.apple.com/kb/HT4188" Apple security bulletin /a , we saw it as our obligation to our mutual customers to issue an entry to our a href="http://blogs.adobe.com/psirt/2010/06/apple_security_update_2010-004.html" Adobe Product Security Incident Response Team (PSIRT) blog /a , recommending users update to the latest, most secure version of Flash Player (10.1.53.64). Our strong only /strong motivation behind the blog post was the security of our mutual customers.
Mike, I can post links to obscure pages, too, and if I post a link to a version test, the test will tell me that the current version is whichever one I have installed.
The fact is, if you go to Adobe's Flash download page, you'll see the current version is 10.1 (even if somehow you missed the news about its release several days ago).
http://www.adobe.com/products/flashplayer/
Apple either screwed up (by taking a very long time to release the update and not noticing that a new version was out) or, more likely, just decided to use its updates to do a little more propaganda. Petty and immature, but hardly surprising.
@mike: The link works all the times. It is not the first time when I check my version there.
Google "adobe flash player version test" and click on the first result.
If Adobe has multiple places where you can check the version and state multiple versions as being "the latest" I don't thinks is somebody's fault for having different results, right?
@Alex: Your link didn't work when I tried it. The newest flash version per Adobe is 10.1. See here:
http://get.adobe.com/flashplayer/?promoid=BUIGP
And no, it's not the same as in the 10.6.4 update. :)
@Scott: there's a difference between the words 'most secure flash player' and 'secure flash player'. It seems you are imaginging Adobe said something they never did, so you can argue with it.
Check this page on Adobe site: http://kb2.adobe.com/cps/155/tn_15507.html
What is the latest version stateed by THEM?
Is it the same as in 10.6.4 update?
I don't think there is one. Newest only has newest exploited fixes and they all spy on you. If you don't believe me do your own homework.While I don't care for Apple I do agree with there fear of flash player safety.