Snow Leopard Downgrades Your Flash Plugins, Security Company Warns

5:24 am, September 3rd, 2009, Giles Turnbull

Now here’s something unexpected. Sophos security consultant Graham Cluley has a warning for everyone who’s just upgraded their computer to run Snow Leopard: go check your Flash plugin version as soon as possible, because you might find that your OS upgrade simultaneously downgraded your plugin. (Assuming your plugin was up-to-date to begin with; full explanation in the video above.)

You can check your plugin version at this page on Adobe’s site.

While the Vimeo Flash video player Graham’s using is not going to cause any harm to your computer, you can’t be certain that Flash content elsewhere on the web will be as safe.

How so? I called Graham this morning and asked him.

Graham Cluley: “Adobe has been urging users to keep themselves up-to-date, and what’s most frustrating about the Snow Leopard upgrade is that I had been diligent, I’d been doing the right thing. But I was downgraded in the background. And most people, even if they had been diligent in the past, simply wouldn’t think to check for that sort of thing.”

Cult of Mac: “Most people understand the concept of a virus arriving by email, but malicious Flash isn’t so well known. How might malicious Flash code work?”

Graham Cluley: “Most likely, there would be malicious code that exploits vulnerabilities in Flash to run things on your computer without your permission.

“In a typical attack the bad guys will deliberately craft a malicious Flash animation that will cause a buffer overflow, which in turn will run some shell code. That exploit code can then redirect you to a third party website, but it’s perfectly possible for the attack to be completely contained inside the Flash file.”

Cult of Mac: “Do you have any documented cases where this kind of attack has been made against Macs?”

Graham Cluley: “Unfortunately we don’t – we don’t have any links between Flash exploits and Mac users specifically being hit. Now that may partly be a consequence of Sophos focusing on the business market, and not having a consumer product, so we may have less visibility on this as home users are not likely to contact us.

“However, if you Google for Mac Flash Exploit you’ll find plenty of news reports of past vulnerabilities that could affect Mac users.”

Posted by Giles Turnbull in News | Comment on this article

About the author

Giles Turnbull is a freelance writer in England. He is a columnist for PA, and has written for the BBC, Guardian, Daily Telegraph, MacUser, Macworld, and The Morning News. He has a blog you can ignore and a Twitter account you needn't follow.

Email the author | Read more posts by Giles Turnbull.

4 comments

10.0.32.18 only came out on august 30th 2009 which was after the release of snow leopard.

Alex, on September 3rd, 2009 at 7:23 am

Seriously, if Giles is going to be a regular contributor to Cult of Mac I think you may lose some readers.

Matt, on September 3rd, 2009 at 11:23 am

Get a life. Honestly, this seems to be the only reason why people are complaining about Snow Leopard. Have you seen windows lately? I’m 100% positive that they will have big time security problems right outta the box.

thenez, on September 3rd, 2009 at 4:07 pm

further, there are reports from those that get the early notes that 10.6.1 is on the verge of release and includes an update to Flash to the latest version (less than a week after the SL release)

Charli, on September 3rd, 2009 at 10:17 pm