Plugin set to "Ask" before run, defaults to "Allow" after update
| Originator: | bouke | ||
| Number: | rdar://19469025 | Date Originated: | 2015-01-14 |
| Status: | Open | Resolved: | |
| Product: | Safari | Product Version: | 8.0.2 |
| Classification: | Security | Reproducible: | Didn't try |
Summary: I recently updated by Silverlight plugin. The plugin was set to "Ask" before allowing to run. However after updating the plugin, I discovered it being defaulted to "Allow". The result was that this plugin, however disallowed to run, was allowed on all websites and could have been used as an attack vector on my machine. Setting a plugin to "Ask", should never revert back to "Allow" after updating. Steps to Reproduce: 1. Install old version of Silverlight plugin 2. Set plugin to "Ask" before run 3. Update to new version of Silverlight plugin Expected Results: 4. Security setting reverted to "Allow" Actual Results: 4. Security setting should not revert to "Allow", but remain at "Ask" Version: OS X Yosemite 10.10.1, Safari 8.0.2
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!