Apple Ships Vulnerable Adobe Flash with 'Snow Leopard,' Sophos Reports

Apple is pushing out an older, vulnerable version of Adobe Flash Player with its "Snow Leopard" operating system upgrade, according to Sophos.

Snow Leopard, aka Mac OS X 10.6, hit the streets Aug. 28 with much fanfare about promised performance improvements. Apple also generated some buzz by including a malware scanner in the mix to analyze downloads for two known Trojan families.

However, the updated operating system also includes a version of Adobe Flash Player that is vulnerable to several bugs. During the update process, Apple silently downgrades the latest version of Flash Player for Mac—Version 10.0.32.18—to Version 10.0.23.1, Sophos reported Sept. 2.

"Mac users are not informed that Snow Leopard has downgraded their version of Flash without permission and that they are now exposed to a raft of potential attacks and exploits [that have targeted] Adobe's software in recent months," blogged Graham Cluley, senior technology consultant at Sophos.

Adobe, as Cluley pointed out, has become a popular target for attackers. August statistics from Trusteer showed that nearly 80 percent of the roughly 2.5 million users Trusteer scanned were running vulnerable versions of Flash.

"Adobe is the 'new Microsoft' when it comes to security vulnerabilities, with hackers targeting their software looking for vulnerabilities to exploit," Cluley wrote in the blog post.

"If you're not sure which version of Adobe Flash you have on your computer (whatever operating system you use), take 30 seconds to visit their Website," he added. "Adobe will not only tell you what version of Flash you are running, they will also tell you what version you should be running."

 Apple did not respond to a request for comment about the issue.