IT security and data protection firm Sophos has this morning
issued a security warning to Mac users upgrading to Apple's new
Snow Leopard OS.
Those who choose to upgrade to Mac's latest operating system
could find themselves exposed to security threats that they thought
they had already patched against.
Mac users are not informed that Snow Leopard discreetly
downgrades their version of Flash without permission. As a result,
the version shipped with Snow Leopard (and which you are downgraded
to) is inherently insecure and leaves users exposed to a raft of
potential attacks and exploits which have been targeted on Adobe's
software in recent months.
Graham
Cluley, senior technology consultant at Sophos, has created a
short video to demonstrate the security issue:
In the video, Cluley urges Mac users who have upgraded to Snow
Leopard to double-check that their version of Adobe Flash is
current and - if not - update it immediately from http://get.adobe.com/flashplayer/
"This should be done as a matter of priority," explained Cluley.
"Mac users who have been diligent enough to keep their security
up-to-date do not deserve to be silently downgraded. In many ways,
Adobe is 'the new Microsoft' when it comes to security
vulnerabilities, with hackers targeting its code looking for ways
to infect users. That's deeply concerning because it is so widely
used by many internet users, whether on Mac or PC."
"Adobe has acknowledged that previous versions of Flash should
not be used for security reasons, but Apple is switching users from
the version that is considered current to this old one. It's vital,
therefore, that users ensure they are running the latest version -
and that, in the future, operating system manufacturers do not
reduce their customers' level of security without warning," Cluley
added.
Further insight into this security issue can be found on
Graham
Cluley's blog.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.