Snow Leopard may install insecure Flash player

Jake Widman
Friday, 04 September 2009 02:16

Business IT - Security

A security firm has alleged that the shipping disks of Snow Leopard contain an older version of Adobe's Flash player with known security vulnerabilities. Not only that, the Snow Leopard installation replaces the current version on a user's machine with the older one.

Security expert Graham Cluley, in a blog post on the website of security firm Sophos, describes how he diligently keeps his Flash player up to date -- version 10.0.32.18 is the current Mac version.

But when he installed Snow Leopard and then tested his Flash player, he discovered that he had been downgraded to version 10.0.23.1.

That version, Cluley claims, "is known not to be secure and is not patched against various security vulnerabilities."

But the insecure version described in the security bulletin Cluley references is about Flash Player 10.0.22.87 and earlier versions. Whether 10.0.23.1 shares the same vulnerability is not clear.

Cluley also posted a video on YouTube about his finding, and one commenter said that after his install, he is still running 10.0.32.18.

Regardless, it's probably a good idea for every Snow Leopard adopter to get over to Adobe's Flash Version Test page to check that they're running the up-to-date version.

Any necessary upgrade can be downloaded from the Flash Player Download Center .