Yesterday Apple rolled out OS X 10.7.4 Lion along with updates to OS X 10.6 Snow Leopard and Safari. The main focus of these updates is security. Numerous security issues present in both operating systems are fixed, and Safari now blocks outdated versions of the Adobe Flash plugin by default.
On Tuesday we brought you news about a worrisome security flaw in Lion relating to FileVault. The login passwords of users whose computers were using legacy FileVault (i.e., encrypted files that were held over following an update to Lion from Snow Leopard) were being stored in a plain text file that was accessible to anyone with an administrator password. What’s more, with a little effort, someone without any password could gain access to the file.
That flaw is one of the numerous issues that have been fixed in the update to Lion. Additional fixes include a bluetooth error that could allow “arbitrary code” to be executed on a user’s machine, flaws that could allow “maliciously crafted” image files to execute arbitrary code, and numerous others. Full details of the releases can be found on Apple’s description page.
Meanwhile, Safari 5.1.7 for both Lion and Snow Leopard now automatically disabled outdated versions of Adobe Flash Player. Flash Player, due in large part to its ubiquity, has often been a target for malicious activity, and running an outdated version of Flash can leave a user’s browser vulnerable. To combat that problem, Safari now detects when your Flash Player plugin is out of date. When it is, a dialog box is displayed informing the user that Flash is out of date and has been disabled. You’re then given the option to download the update directly from Adobe’s website, or leave the plugin off. If you don’t want to do either, it is possible to turn the plugin back on manually. Instructions for doing so – along with the full details of the update – are available on Apple’s update description.