Apple blocks Flash following security update

Published February 5th, 2014 at 9:36 AM EDT, modified February 5th, 2014 at 9:36 AM EDT

Apple has updated the XProtect security system in Mac OS X to block all versions of Adobe Flash Player prior to 12.0.0.44. This was done in response to a critical security update released by Adobe, fixing a vulnerability that was being exploited in the wild. Users of Chrome should have their Flash plugin updated automatically. Users of other browsers, with Flash installed in the system, may have Flash updated automatically or may need to install an update manually, depending on the settings.

If you are using Flash Player in any browser other than Chrome, be sure to install the update. The easiest way to do this is to go to Adobe’s Flash Player download site and click the Install Now button, then follow the directions. Note that you should not download Flash Player from any other site! There are many fake Flash Player sites out there that are in the business of distributing malware in the guise of Flash Player.

There may actually be Mac malware out there that has been taking advantage of this vulnerability, but it’s hard to say at this point. Adobe credits Kaspersky with the discovery of this vulnerability, and Kaspersky posted a vague and mostly self-congratulatory note about some malware they are calling “The Mask” and which they say affects Macs. However, there’s really no information given at all, as they say they plan to unveil their findings at a conference next week. We’ll see what they have to say then, and whether this is really as Earth-shattering as Kaspersky seems to want us to believe.

2 Comments

  • Sean says:

    The unscheduled patch is evidence of in-the-wild exploitation — and that it’s a serious vulnerability, but much of that exploitation could be Windows-based. It’s unclear just how many Macs may have been targeted. Linux is affected, too.

    The greater concern is that crimeware vendors will now reverse the patch to develop their own exploits — so it’s good that Apple is blocking older versions. However, I think that’s only blocking older versions of Flash in Safari, based on what our Mac team has tested. Hopefully Firefox users will update sooner than later.
