Adobe Flash Emergency Update 11.6.602.171

Amen!

Spot on Jared :) i think i been seeing things one sided and not the overall picture. Apple are doing there best, it just we have higher standards and definitions of best lol

I think that would bé the best approach to address the problem with Apple when you get to talk to them face to face.

I think a proactive approach would bé effective than going in with all guns blazing lol

Adding the option of "click to play" would be a much simpler solution then totally blocking the plug-in.

If you are running an outdated version warn the user they are out of date but allow them to continue to run the plug-in. Maybe even run the current version, click to play last version, block all older versions. That would at least give time to test and push out the updates before the plug-in is totally blocked.

Nick, I do like that idea. I can bring that up with Apple as well.

There is a Safari extension call ClickToFlash that does exactly that. In addition to protecting from running unwanted Flash, the pages also does not load unwanted Flash and the pages load much faster.

Something similar for Java would be really nice.

But if Apple decided to block the current version of Flash player or Java that wouldn't help any.

Correct, but my point was that instead of outright blocking it, they could leave the plugins enabled for current versions and something like ClickToFlash (ClickToJava?) for outdated versions.

If they think that will delay users from updating, then they can also have some defaults setting that by default is the current behavior (works or it doesn't), with an option for the user to set it so that we get the additional option of having to click on it to let it run. Alternatively, could also have a third setting to just ignore XProtect. Also be able to set these three behaviors by product (Java 6, 7, or Flash).

Sounds good to me.

I do like the idea of 'click to play' type functionality for both of these products. I would like both companies to offer the option for enterprise admins to be able to control (read: lock) those settings to what we want it to be. In other words, give us not just the ability to turn it on, but turn it on programmatically AND lock it so the end user can't change it.

It might be seen as an inconvenience, but so what? Security is rarely about convenience.

Agreed - it's not their place to force people to update. I had this bite me just now: back in from being out for a couple of days, I get a call to verify that a current, very important recording is still in progress. The system GUI is java-based; I have no other way to check this system - but, it's our in-house server & I'm quite confident that I'm not going to be haXX0r3d by going there...but lo and behold, my system won't let me run the console, so I have to apologize to the caller & make them wait for me to update java, only to find out that the new java isn't running the f@&G( console correctly!*

Thank goodness for Firefox, which 1) gave me a click-through warning about java security, and 2) ran the application I needed to see.

I do think users need to be trained to do their updates, but this could be done with a nag window - it is extremely intrusive to have Apple commandeering MY machine and deciding what I'm allowed to run on it.