Snow Leopard install downgrades Flash

The Flash Player is automatically downgraded when Mac OS X Snow Leopard is installed--a move one security expert said needs to be addressed immediately.

Jim Dalrymple Special to CNET News

Jim Dalrymple has followed Apple and the Mac industry for the last 15 years, first as part of MacCentral and then in various positions at Macworld. Jim also writes about the professional audio market, examining the best ways to record music using a Macintosh. He is a member of the CNET Blog Network and is not an employee of CNET. He currently runs The Loop.

See full bio

Jim Dalrymple

Sept. 3, 2009 8:27 a.m. PT

Apple has built a potentially dangerous downgrade into Mac OS X Snow Leopard, according to a security expert.

When Apple's updated operating system is installed, it downgrades Adobe Systems' Flash to an earlier, less secure version. Sophos security expert Graham Cluley said Wednesday in a company blog post that Apple installs version 10.0.23.1, which has not been upgraded to protect users against the latest threats.

"Mac users who have been diligent enough to keep their security up-to-date do not deserve to be silently downgraded," Cluley said in the blog. "We know that hackers keep finding security holes in Adobe's code--and that's deeply concerning because it is so widely used by many internet users, whether on Mac or PC."

Cluley said users need to upgrade Flash Player for Mac immediately to the most current version, 10.0.32.18. Failing to do so could open up users to vulnerabilities that have targeted Flash over the past several months.

"This should be done as a matter of priority," Cluley said. "Adobe is the 'new Microsoft' when it comes to security vulnerabilities, with hackers targeting their software looking for vulnerabilities to exploit."

Adobe has been in the spotlight since last month's release of Snow Leopard, as it works with users on compatability questions regarding its Creative Suite products.

(Via AppleInsider)