

Snow Leopard ships with vulnerable Flash Player - there
http://blogs.zdnet.com/security/?p=4175

======
rimantas
The best upgrade for my Flash experience on Mac:
<http://rentzsch.github.com/clicktoflash/>

------
harpastum
Really spotty story in terms of actual facts. Ok, it's an outdated version.
How outdated? Are there any documented exploits that were fixed in the new
version? The story never goes into detail about what exactly makes this
version "vulnerable".

I just installed snow leopard on my computer today. I haven't checked to see
if my flash is in fact out of date (I'm typing this on my iPod touch), and
I'll certainly upgrade if it is, but I see no reason to get excited about it.

~~~
colinprince
_first it will download any necessary software updates that have come out
since the disc was pressed_

(from <http://daringfireball.net/linked/2009/08/28/murphy>)

Does anyone know if this covers Flash?

~~~
eli
It does not.

------
johnnybgoode
They should stop shipping Flash with the OS. Anyone know if Windows 7 is going
to ship with Flash, too?

~~~
wyday
Windows 7 doesn't ship with flash. In fact, Windows has never shipped with
flash.

~~~
pvg
I don't know if it ships with Windows 7 but it's certainly shipped with
Windows before.

[http://www.pcworld.com/businesscenter/article/146623/windows...](http://www.pcworld.com/businesscenter/article/146623/windows_xp_sp3_includes_vulnerable_flash_player.html)

Googling around you can also find announcements that Flash 5 will ship with
Windows XP.

~~~
wyday
That was a downloadable service pack, and it was an optional component.

At any rate, I'm using Windows 7 right now. I assure you I'm not lying.

~~~
pvg
<http://www.adobe.com/macromedia/proom/pr/2001/fp5_msxp.html>

Windows has shipped with Flash. I didn't say you're lying, I said 'Windows has
never shipped with Flash' is inaccurate.

~~~
wyday
Oh, you're right. It looks like Windows XP was the first and last version of
Windows to include Flash.

------
raquo
Are there actually any not vulnerable Flash players? Or at least not _yet_
vulnerable?

------
jpcx01
Ugghh... i wish flash would just go the fuck away.

------
joubert
Mine isn't outdated as the article says.

------
lisper
You know, this could be an elaborate phishing scam. The download page for the
new Flash player is not secure. You could be installing a Trojan horse if you
"upgrade."

~~~
gjm11
A phishing scam where someone (1) compromised Adobe's web server, (2)
persuaded Apple that there is a security problem that isn't really there, and
(3) got ZDnet to report on it. Yeah, that's really likely.

