Late on Thursday 10th July, Apple issued a security message saying it has blocked old versions of Adobe’s Flash Player plug-in for Safari. A recently discovered flaw could potentially allow hackers to steal browser data, including cookies, on Macs, PCs, and Linux machines, prompting Adobe to issue a patch and urge users to upgrade their systems as soon as possible.
Apple has therefore taken action against this vulnerability by restricting plug-in access through its Safari Web browser.
If you have the out-of-date plug-in, you’ll get a message saying “Blocked plug-in,” “Flash Security Alert” or “Flash out-of-date” when attempting to access Flash content in Safari. Clicking on the alert takes you to Adobe, where the latest version of the plug-in can be downloaded and installed.
According to Adobe, the flaw can be found in Flash Player for Mac version 220.127.116.11 and earlier. After an exploit was demonstrated by a Google engineer, Adobe advised Mac users to update to version 18.104.22.168. Aside from OS X, Windows and Linux builds of Flash were also affected by the bug.
The flaw relies on specially-crafted SWF files that consist entirely of alphanumeric characters, which will be executed by Flash Player even though they are not valid Flash files. Those malicious files can take advantage of the special privileges granted to embedded objects on a web page, making cross-domain requests on behalf of a user and capturing returned data.
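A defensive check for the pattern described above, as an added example that is not code from Apple, Adobe or the original article: it flags byte strings that begin with an SWF signature and consist only of alphanumeric characters. The function names, the 64-byte minimum length and the sample values are assumptions made for illustration.

```python
import re
import struct

# SWF signatures: uncompressed, zlib-compressed, LZMA-compressed.
SWF_SIGNATURES = (b"FWS", b"CWS", b"ZWS")
ALNUM = re.compile(rb"[A-Za-z0-9]+")
# Assumed tunable threshold: ordinary words such as "CWSupportTicket" also
# start with a signature, so very short values are ignored.
MIN_LENGTH = 64


def parse_swf_header(data: bytes):
    """Return (signature, version, declared_length), or None if not SWF-like."""
    if len(data) < 8 or data[:3] not in SWF_SIGNATURES:
        return None
    version = data[3]                                   # 1-byte version field
    (declared_length,) = struct.unpack_from("<I", data, 4)  # little-endian u32
    return data[:3].decode("ascii"), version, declared_length


def is_alphanumeric_swf(data: bytes, min_length: int = MIN_LENGTH) -> bool:
    """True when data has an SWF header and every byte is in [A-Za-z0-9]."""
    return (len(data) >= min_length
            and parse_swf_header(data) is not None
            and ALNUM.fullmatch(data) is not None)


def scan_values(values):
    """Yield (name, header) for each value that looks like an alphanumeric SWF."""
    for name, value in values.items():
        raw = value.encode("latin-1", "replace") if isinstance(value, str) else value
        if is_alphanumeric_swf(raw):
            yield name, parse_swf_header(raw)


# Constructed samples (filler bytes only, not working Flash content).
SAMPLES = {
    "alnum_swf": "CWSMIKI0" + "hC0D" * 50,      # signature + all-alphanumeric body
    "binary_swf": b"FWS\x0a" + struct.pack("<I", 4096) + b"\x00" * 100,
    "short_word": "CWSupportTicket",            # signature prefix but too short
    "plain_text": "callbackHandler" * 10,       # alphanumeric, no signature
}

if __name__ == "__main__":
    for name, header in scan_values(SAMPLES):
        print(f"suspicious value {name!r}: header={header}")
```

Lowering `min_length` makes the check stricter but starts flagging ordinary identifiers that happen to begin with `CWS`, `FWS` or `ZWS`.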