Snow Leopard upgrade leads to Adobe Flash security downgrade, warns Sophos

September 03, 2009 Sophos Press Release

IT security and data protection firm Sophos has this morning issued a security warning to Mac users upgrading to Apple's new Snow Leopard OS.

Those who choose to upgrade to Mac's latest operating system could find themselves exposed to security threats that they thought they had already patched against.

Mac users are not informed that Snow Leopard discreetly downgrades their version of Flash without permission. The version shipped with Snow Leopard (the one users are downgraded to) is inherently insecure and leaves them exposed to a raft of potential attacks and exploits that have targeted Adobe's software in recent months.

Graham Cluley, senior technology consultant at Sophos, has created a short video to demonstrate the security issue.

In the video, Cluley urges Mac users who have upgraded to Snow Leopard to double-check that their version of Adobe Flash is current and - if not - update it immediately from http://get.adobe.com/flashplayer/

"This should be done as a matter of priority," explained Cluley. "Mac users who have been diligent enough to keep their security up-to-date do not deserve to be silently downgraded. In many ways, Adobe is 'the new Microsoft' when it comes to security vulnerabilities, with hackers targeting its code looking for ways to infect users. That's deeply concerning because it is so widely used by many internet users, whether on Mac or PC."

"Adobe has acknowledged that previous versions of Flash should not be used for security reasons, but Apple is switching users from the version that is considered current to this old one. It's vital, therefore, that users ensure they are running the latest version - and that, in the future, operating system manufacturers do not reduce their customers' level of security without warning," Cluley added.

Further insight into this security issue can be found on Graham Cluley's blog.