Snow Leopard includes malware-vulnerable Adobe Flash version
Thursday, September 3, 2009
Web security firm Sophos reported yesterday that Apple's new Snow Leopard operating system ships with an older version of Adobe Flash Player that is unpatched and vulnerable to cyberattacks. Adobe is warning Snow Leopard users to upgrade to the latest version.
Sophos senior technology consultant Graham Cluley wrote on his blog that Snow Leopard comes with version 10.0.23.1, which is known to have security vulnerabilities. The latest version of Flash Player for Mac is 10.0.32.18.
"Mac users are not informed that Snow Leopard has downgraded their version of Flash without permission and that they are now exposed to a raft of potential attacks and exploits which have been targeted on Adobe's software in recent months," Cluley said in the blog post.
Research from security firm Trusteer shows that almost 80 percent of internet users are still running unpatched versions of Flash, which the company called "the biggest security hole on the internet today," in a white paper last month.
Security researchers have discovered exploits of a Flash vulnerability that could infect PCs with Trojan malware when users open a maliciously crafted Adobe Acrobat PDF file. The discovery caused Adobe to rush out security updates for Flash Player, Acrobat and Reader.
Sophos has identified Flash-exploiting malware embedded in Microsoft Excel files and predicts malware authors will use PowerPoint and Word to spread Flash-based attacks.
