Kudos to Apple. Last week they decided to start blocking vulnerable versions of Adobe Flash plugins from running in the built-in Safari web browser. This is in direct response to the active exploits in the wild affecting Macs as well as PCs. Users who fail to update when prompted now receive a “Blocked Plugin” error message when they try to visit a website that invokes the Flash plugin. Apple did something similar when they blocked Java on February 1st, 2013 in response to the zero-day we reported here. Users receiving the error need to visit the Adobe website and manually install the update in order to continue viewing Flash content.
The attacks will continue, and the targets are now more frequently platform-agnostic. Hackers realize that Mac users may be less security-conscious, believing their beloved OS to be invulnerable to attack. This misconception is slowly being dismantled, though Apple is taking a very responsible step in blocking the plugins as exploits appear in the Mac ecosystem. We wish Microsoft would follow suit. Nearly all current computer exploits, malware, and viruses come from vulnerabilities in Adobe and Java plugins.