8 Replies Latest reply: Jul 10, 2012 10:04 PM by MadMacs0
Bobsax Level 1 Level 1 (55 points)

So  I had to download Flash seperatly when I first got my iMac   since Loin doesn't have it but I thought it strange that when doing the software update I was told to update Flash from another site.

  Why would Apple updates depend on a third party site and require a download from it? This is unprecidented in the history of Apple Software Updates.


MacBook, Mac OS X (10.5.8), i
  • Kappy Level 10 Level 10 (250,605 points)

    Apple makes no such updates nor require you download third-party software. The installer may warn you that you have third-party software installed that is not compatible and recommend you either remove it or update it.

  • Glasscut Level 1 Level 1 (15 points)

    Kappy is right.. adobe is a third party developer. bobsax even in windows you still have to update flash from either the adobe flash updater or visit adobes website. Adobe flash does not belong to microsoft or apple.

  • Bobsax Level 1 Level 1 (55 points)

    Thanks Guys

    I guess I was being warned to update Flash. Apple did direct me too the website after the update.

    The problem here is I wouldn't have done Apples update if I'd known I needed to also update Flash.

    This doesn't seem right. Shouldn't I have been warned before the update that I would need to have a third party update.

      I've always felt safe doing Apples updates and before Lion Apple took care of the Flash upadates.

    My Flash running snowleaopard macbook doesn't send me to Adobe for an update.

  • Kappy Level 10 Level 10 (250,605 points)

    How can the updater know whether you have installed software that may require updating until it starts to update your software. Furthermore, as Apple will tell you, you are responsible for determining whether you have incompatible third-party software.

  • ds store Level 7 Level 7 (30,315 points)

    Bobsax wrote:


    I thought it strange that when doing the software update I was told to update Flash from another site.

     

    Why would Apple updates depend on a third party site and require a download from it? This is unprecidented in the history of Apple Software Updates.

     

    Apple is taking a more proactive security approach to third party plug-ins which have been responsible for a 600,000 strong Mac based botnet.

     

    http://www.extremetech.com/computing/125019-mac-botnet-grows-to-600000-274-of-th em-in-cupertino

     

     

    Apparantly what happened is Apple ignored Java updates which they handle for OS X for 10.5 and earlier, and was slow to update for 10.6 and 10.7. This caused a huge security hole which the botnet was created.

     

    Apple has since patched 10.5 Intel (not 10.5 PPC) and 10.6-10.7, is now being a lot more attentive that third party plug-ins are updated or disabled if not used. So they are paying attention to 10.7 and 10.8 now, 10.6 is sort of being left behind a little now as Apple only supports the last two operating system versions in circulation, another problem in itself.

     

    I've recommending disabling or using NoScript with third party plug-ins to minalize their exposure to the Internet and on every website as that's a huge security risk that compounds with the more plug-ins are installed.

     

    Basically plug-ins should only work if the user request them to work and trusts the site first, not the sites running them and then chosing not to compromise one's machine.

     

    All software has exploits, however with all the plug-ins running gives a larger opportunity to hack the machine.

     

     

    Harden your Mac against malware attacks

  • Bobsax Level 1 Level 1 (55 points)

    Thanks DS

    Interesting article about the botnet.

    Apple explains it here also

    http://support.apple.com/kb/DL1531

    this is the part that happend to me and lots of other Lion users too.

    • Disable versions of Adobe Flash Player that do not include the latest security updates and provide the option to get the current version from Adobe's website.

    So I guess Apple wasn't paying attention to the Flash updates put out by Adobe which lead to the problem with the Flashback trojan. I guess this is why they don't include Flash with any new products, so they arn't liable for things like the Flashback Trojan. We now deal directly with Adobe for Flash Security. After the new Flash was downloaded I was asked if I want Adobe to make updates automaticaly or to be informed and do it myself.

    I wasn't asked for an email address so I guess Adobe has it's paws directly in my computer and they will be able to manipulate it on there own. I did ask to at least be informed if they wanted to update Flash.

    I had to of course agree to Adobe's liabiliry/privacy agreement and when prompted to read it I got a website with a list of all Adobe's product agreements. It was huge. I couldn't even find it.

     

    on a side note, I'm writing this from my SnowLeopard macbook. Apple wouldn't let me sign in on the iMac.

    They say;

    -1 no statusCode supplied.

     

    any idea what that's all about?

     

    thanks again for the help and responses.

  • MadMacs0 Level 5 Level 5 (4,500 points)

    Bobsax wrote:

     

    Thanks Guys

    I guess I was being warned to update Flash. Apple did direct me too the website after the update.

    The problem here is I wouldn't have done Apples update if I'd known I needed to also update Flash.

    What the update did was disable your old Flash plugin because there are security issues with it and it is not safe to run the old version. It wasn't because of any compatibility issues. Are you saying you would rather operate in an unsafe condition with buggy third party software?

  • MadMacs0 Level 5 Level 5 (4,500 points)

    Bobsax wrote:

     

    So I guess Apple wasn't paying attention to the Flash updates put out by Adobe which lead to the problem with the Flashback trojan. I guess this is why they don't include Flash with any new products, so they arn't liable for things like the Flashback Trojan.

    Adobe never put out a product that lead to the Flashback Trojan problem. The earliest versions of Flashback posed as FlashPlayer updaters, but they were fake and did not come from Adobe. The later versions of Flashback used a flaw in Java which is a Sun/Oracle product, not Adobe's.

    I wasn't asked for an email address so I guess Adobe has it's paws directly in my computer and they will be able to manipulate it on there own.

    Correct. Now you should not have to be concerned about authenticity any longer. This is a good thing.