Apple Begins to Blacklist Old Versions of Flash for Safari

Similar to what Mozilla did in its Firefox browser earlier this year, Apple has elected to block old, out-of-date versions of Adobe’s Flash Player product in Safari in hopes of getting users to update their systems.

Similar to what Mozilla did in its Firefox browser earlier this year, Apple has elected to block old, out-of-date versions of Adobe’s Flash Player product in Safari in hopes of getting users to update their systems.

According to a support document posted to its site on Friday, Apple updated Safari’s Web plug-in-blocking mechanism to display an “Adobe Flash Player is out of date” warning to urge users to update to the latest version. According to an accompanying article from Apple, users can download the most recent version of Flash directly from the warning and follow instructions onscreen to install the product.

The company went down a similar road earlier this year when it quietly blocked old versions of Oracle’s embattled Java product for security reasons. Apple may not have blocked it fast enough though as the company went on to become the victim of a zero-day attack in February that relied on a Java plug-in vulnerability for its exploit.

Both platforms are being blacklisted via Apple’s XProtect malware mitigation system which is crafted to notice and isolate malware.

The move follows a month in which Adobe released two emergency patches to address problems with Flash Player. The first patch, released in early February, fixed a drive-by download style attack that allowed attackers to send victims to websites that hosted malicious Flash files while the second affected a critical hole in Flash Player in Firefox.

At the end of January Mozilla made it so only the most recent version of Flash could be run on its Firefox product. Unlike Apple, which is outright blocking old versions of Flash, Firefox insists users “click-to-play” old versions of Flash, along with Silverlight, Java and Reader, making sure they understood the security implications with vulnerable plug-ins before running them.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.