Viruses/Worms News

Snow Leopard includes malware-vulnerable Adobe Flash version

Thursday, September 3, 2009

Web security firm Sophos reported yesterday that Apple's new Snow Leopard operating system ships with an older version of Adobe Flash Player that is unpatched and vulnerable to cyberattacks. Adobe is warning Snow Leopard users to upgrade to the latest version.

Sophos senior technology consultant Graham Cluley wrote on his blog that Snow Leopard comes with version 10.0.23.1, which is known to have security vulnerabilities. The latest version of Flash Player for Mac is 10.0.32.18.

"Mac users are not informed that Snow Leopard has downgraded their version of Flash without permission and that they are now exposed to a raft of potential attacks and exploits which have been targeted on Adobe's software in recent months," Cluley said in the blog post.

Research from security firm Trusteer shows that almost 80 percent of internet users are still running unpatched versions of Flash, which the company called "the biggest security hole on the internet today," in a white paper last month.

Security researchers have discovered exploits of a Flash vulnerability that could infect PCs with Trojan malware when users open a maliciously crafted Adobe Acrobat PDF file, which caused Adobe to rush security updates for Flash Player, Acrobat and Reader.

Sophos has identified Flash-exploiting malware embedded in Microsoft Excel files and predicts malware authors will use PowerPoint and Word to spread Flash-based attacks.
