The Heartbleed bug is a nasty one. It affects web servers, the computers that power websites. It does not affect your computer or iOS device, but it makes you vulnerable because hackers can potentially steal your details from the sites you visit. It’s a flaw in OpenSSL, an encryption technology used by the vast majority of websites on the Internet, although not Apple’s website or its online services like iCloud.
The flaw allows hackers to pull data from a server’s working memory, including the server’s encryption keys. That would allow hackers to decrypt all traffic to and from the server, exposing sensitive data like logins, passwords and everything else.
Users are advised to change their passwords on all services that may have been affected. Mashable provides a list of services where you should change your password.
This means you can have the Flash player installed on your Mac, but blocked for your wider web experience, while still being allowed on a few select sites that you trust the plugin to run on. This serves as a perfectly reasonable alternative to uninstalling the plugin in its entirety, and it's easy to configure for all websites and selected websites in Safari for OS X.
- Open Safari and then go to "Preferences", accessible from the Safari menu.
- Choose the "Security" tab and look for "Internet plug-ins", then click the "Manage Website Settings…" button.
- Select "Adobe Flash Player" from the left side to gather a list of websites that have used or attempted to use the Flash plug-in.
- Pull down the menu alongside each URL to fine-tune Flash for that website, choosing one of five options:
  - Ask – Safari will ask permission to run Flash if it is encountered.
  - Block – blocks all Flash for the website from automatically loading. This is essentially like Click-To-Play and can be overruled by selecting a Flash object and choosing to run it.
  - Allow – Flash will always run when encountered for that specific website.
  - Allow Always – Flash will always run when encountered for specific websites, even if the Flash plugin has been disabled due to being outdated or insecure.
  - Run in Unsafe Mode – not recommended; overrides any security preferences within Safari to give Flash free rein to run.