Apple's Snow Leopard downgrades Flash

Apple's Snow Leopard, Mac OS X 10.6, downgrades the Adobe Flash Player installed on systems being upgraded with the updated operating system. The Flash Player version with Snow Leopard is 10.0.23.1, which is a later version number than the most recently reported vulnerable version, but it was being distributed at the same time as the flawed version and most probably suffers the same critical security issues. Adobe have confirmed the issue exists and recommend that Snow Leopard users update their Flash Player as soon as possible, by visiting http://get.adobe.com/flashplayer/ and installing version 10.0.32.18. Users can check what version of Flash Player is installed by going to Adobe's version check page.

During the development of Snow Leopard, and as far back as early July, developers were shipped beta versions which included Adobe Flash Player 10.0.23.1. Towards the end of July though, a critical security vulnerability was discovered in Flash Player version 10.0.22.87, the generally available Flash Player version. The Flash Player was updated on the last day of July, to version 10.0.32.18, but it appears either Adobe or Apple did not ensure that this update made it onto the "gold master" of Snow Leopard which was sent to manufacturing, according to reports, in mid August. It was this master that was then used to produce the Snow Leopard DVDs, which were made available in stores on August 28th. This means that users who did update the Flash Player on Mac OS X 10.5.8 at the start of August, and then upgraded to Snow Leopard will find that they are back to running a version which, although there are no specific security advisories for it, is most probably vulnerable to the same flaws as Flash Player 10.0.22.87.

• Flash Player Update and Snow Leopard, Adobe PSIRT advisory

Source:

http://www.h-online.com