Apple Blocks Outdated Adobe Flash Player In Safari


Apple is taking additional precautions to protect users of its Safari browser from attacks targeting the widely used Adobe Flash Player plug-in.

Apple said it is now blocking the use of outdated Adobe Flash Player plug-ins in an attempt to stem frequent attacks targeting older versions. Apple announced the change in a support document issued Feb. 28.

Selecting the blocked plug-in icon will prompt Safari users with a notification that Adobe Flash Player is out of date and offer an option to download the latest version. Selecting a download option redirects users to the Adobe Flash Player installer website where the latest version can be properly installed.

[Related: 5 Most Dangerous New Hacking Techniques]

Adobe issued a Flash Player security update Feb. 26, warning that two vulnerabilities are being actively targeted in the wild. Users are tricked into visiting malicious Web pages attempting to exploit the coding errors.

The highly ubiquitous Flash Player browser component has been a coveted target of cybercriminals. Many of the attacks are generated by automated attack toolkits designed to help build drive-by attack websites that target Flash Player vulnerabilities to infect visitors with malware, say security experts.

So far the attacks targeting the latest vulnerabilities appear to be designed for the Firefox browser, Adobe said. The Firefox sandbox for Flash Player does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, according to a vulnerability listing in the Common Vulnerabilities and Exposures database. The other coding error was identified in the ActionScript functionality, which is designed for control and code reusability in more complex Flash applications.

The company's security bulletin indicates a total of three flaws were repaired in the update, which impacts users of Flash Player on Windows, Macintosh and Linux PCs. The company gave the update its highest priority rating for Flash Player running on Windows and Macintosh computers.

"These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said.

Adobe issued two updates to Flash Player in less than a week in February. One of the updates fixed 17 flaws in the browser component.

PUBLISHED MARCH 4, 2013