Snow Leopard upgrade leads to Adobe Flash security downgrade, warns Sophos

Sophos Press Release

IT security and data protection firm Sophos has this morning issued a security warning to Mac users upgrading to Apple's new Snow Leopard OS.

Those who choose to upgrade to Mac's latest operating system could find themselves exposed to security threats that they thought they had already patched against.

Mac users are not informed that Snow Leopard discreetly downgrades their version of Flash without permission. As a result, the version shipped with Snow Leopard (and which you are downgraded to) is inherently insecure and leaves users exposed to a raft of potential attacks and exploits which have been targeted on Adobe's software in recent months.

Graham Cluley, senior technology consultant at Sophos, has created a short video to demonstrate the security issue:

In the video, Cluley urges Mac users who have upgraded to Snow Leopard to double-check that their version of Adobe Flash is current and - if not - update it immediately from http://get.adobe.com/flashplayer/

"This should be done as a matter of priority," explained Cluley. "Mac users who have been diligent enough to keep their security up-to-date do not deserve to be silently downgraded. In many ways, Adobe is 'the new Microsoft' when it comes to security vulnerabilities, with hackers targeting its code looking for ways to infect users. That's deeply concerning because it is so widely used by many internet users, whether on Mac or PC."

"Adobe has acknowledged that previous versions of Flash should not be used for security reasons, but Apple is switching users from the version that is considered current to this old one. It's vital, therefore, that users ensure they are running the latest version - and that, in the future, operating system manufacturers do not reduce their customers' level of security without warning," Cluley added.

Further insight into this security issue can be found on Graham Cluley's blog.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com/company.