In the recent Mac OS X 10.6.4 update, Apple misstepped and provided users with the older 10.0.45.2 version of Flash instead of 10.1.53.64. We held off on writing about this on Tuesday because we had no way of verifying whether or not 10.6.4 installed an exploitable version of Flash or Adobe’s patched version. We’re running a pre-release version of an upcoming Flash player so that our systems won’t be laggy during YouTube marathons.
Why’s this a big deal? The later version patches security holes and would have been “exploit free,” according to Adobe’s director of security and privacy, Mark Eakin. Flash has recently been taking heat, mostly from Apple, for being a security concern. Turns out Apple is still shipping an exploitable version of the browser plugin. Pot, meet kettle.
Props to Adobe for pointing it out in an official blog post.
This isn’t the first time that this has happened, and Apple’s pretty quick, relatively speaking, to ship security updates that patch known holes when this type of thing happens. So, you have two options. You can wait for a security update from Apple, which we wouldn’t recommend, or you can just go update Flash yourself.
The good news is that Apple’s 10.6.4 update did not downgrade your version, so if you’ve updated your Flash player yourself already, you’re still good to go.