Adobe issues emergency update to fix cross-platform Flash exploit
Adobe on Friday released a security bulletin announcing an emergency update that affects all versions of its Flash Player, though it seems the exploit is currently being used to target Windows PCs running Microsoft's Internet Explorer.
Dubbed an "object confusion vulnerability," the bug is exploited by tricking a user into opening a malicious file sent in an email message, which can cause Flash to crash, potentially giving the attacker control of the affected PC.
First reported by Microsoft Vulnerability Research, the bug resides in Flash Player code for Windows, Mac, Linux and Android, though Adobe claims that the exploit being used only targets Internet Explorer for Microsoft's OS. Users who installed Flash on Google Chrome are unaffected as the browser updated automatically.
Source: Adobe
While Windows users who have selected the "silent update" option will receive the update automatically, those who did not or are running Flash 10.3.x or later for Mac must manually install the fix from within the program. To verify that the latest version of Flash is installed, users must navigate to the "About Flash Player" page or right-click on content running Flash within a webpage. Each browser on a given computer should be checked.
"Adobe recommends users of Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 11.2.202.235," Adobe said in the bulletin. "Users of Adobe Flash Player 11.1.115.7 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.8. Users of Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.9."
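The version thresholds in the bulletin quote above can be checked across a fleet with a short script. The following is an added example, not part of Adobe's bulletin or the original article; the host names, inventory rows and platform labels are constructed assumptions. It compares version fields numerically and keeps the two Android update tracks separate, since a single "older than 11.1.115.8" test would wrongly flag a patched Android 3.x device.

```python
# Added example: audit Flash builds against the fixed versions in Adobe's bulletin.
FIXED = {
    "desktop": (11, 2, 202, 235),   # Windows, Macintosh, Linux
    "android4": (11, 1, 115, 8),    # Android 4.x
    "android3": (11, 1, 111, 9),    # Android 3.x and earlier
}

def parse_version(text):
    """'11.2.202.233' -> (11, 2, 202, 233), so fields compare as numbers."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected four fields: {text!r}")
    return parts

def family(platform, os_version=""):
    name = platform.strip().lower()
    if name in ("windows", "macintosh", "linux"):
        return "desktop"
    if name == "android":
        major = int(os_version.split(".")[0])
        if major == 4:
            return "android4"
        if major <= 3:
            return "android3"
    raise ValueError(f"not covered by the bulletin: {platform!r} {os_version!r}")

def needs_update(platform, flash_version, os_version=""):
    """True when the installed build is older than the fixed build for its track."""
    return parse_version(flash_version) < FIXED[family(platform, os_version)]

def audit(rows):
    """Return (hosts_to_update, hosts_to_review) for (host, platform, os, flash) rows."""
    outdated, review = [], []
    for host, platform, os_version, flash in rows:
        try:
            if needs_update(platform, flash, os_version):
                outdated.append(host)
        except ValueError:
            review.append(host)   # unparseable version or unknown platform
    return outdated, review

SAMPLE = [  # constructed inventory, not real hosts
    ("ws-01", "Windows", "", "11.2.202.233"),
    ("ws-02", "Linux", "", "11.2.202.99"),       # a string compare would call this newer
    ("ws-03", "Macintosh", "", "11.2.202.235"),
    ("tab-01", "Android", "3.2", "11.1.111.9"),  # patched on its own track
    ("ph-01", "Android", "4.0", "11.1.115.7"),
    ("kiosk-01", "Windows", "", "unknown"),
]
```

Calling `audit(SAMPLE)` returns the hosts that still need the update and, separately, the hosts whose records could not be evaluated and need a manual check.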

Comments
When is FLASH not a problem?
When it's not installed...
Seems like I read about a flash exploit every 2 days. Fucking amazing. The sooner the platform is completely dead and irrelevant, the better. Not sure where we'd be without Apple who dealt it some fatal blows. SJ was completely right to keep flash off iOS.
Hilariously, this same headline could have been run any time over the past 12+ years. I guess people just can't get enough of Internet Explorer.
Quote:
Originally Posted by Slurpy
Seems like I read about a flash exploit every 2 days. Fucking amazing. The sooner the platform is completely dead and irrelevant, the better. Not sure where we'd be without Apple who dealt it some fatal blows. SJ was completely right to keep flash off iOS.
If HTML5 wasn't such a pain in the ass to develop, Flash would be irrelevant, except for a few nice features that are unique to Flash and Java.
HTML5 compared to Flash is like building your own electric vehicle and your own solar panel which takes 12 hours of sun to charge the battery so you can drive 20 miles an hour with a range of 10 miles.
But what the heck, it doesn't require any gasoline so it must be better.
It's a hell lot better than digging miles deep for oil, wait days to refine it into gasoline than falling into the hole.
Quote:
Originally Posted by lightstriker
It's a hell lot better than digging miles deep for oil, wait days to refine it into gasoline than falling into the hole.
Well to continue with the car analogy, I look at Flash as the SUV of the web. It is irresponsible to use it to commute to work everyday all by yourself when there is perfectly good public transportation, but rather nice to have when you want to take the family camping or to the beach, load it up with groceries or gardening supplies from Home Depot. As far as HTML5 or Flash is concerned I'd rather not have anything moving around on my web page anyway, unless it served a purpose. I like to point to the Google finance app as a useful implementation of Flash. The rest of the time I just need static images and text.
I've found a compromise for my Mac. I install Flash, then sandbox it in one web browser, iCab. The rest of my applications behave as though Flash isn't installed.
You have to put the two pertinent plug-ins into a Plugins folder in iCab. Here's what I do in Terminal.
You can also do the same for the Silverlight plug-in if it's installed on your system.
That's it. All your other apps will look for Flash in the /Library/Internet Plug-Ins folder. Since it's not there, they assume it's not installed.
iCab itself will load the plug-ins in the main Library as well as whatever is in its own folder.
It turns out that most of the websites I normally access behave just fine without Flash. I end up firing up iCab maybe once or twice a month for a few minutes. Maybe a year ago, I was doing it a couple times a week, but as the iPad grows in popularity, more and more site operators seem to be getting the message and are moving away from Flash.
Quote:
Originally Posted by Slurpy
Seems like I read about a flash exploit every 2 days...
yeah, right. No hyperbole there.
I remember the 15 from last month (oh, wait, that was Safari)
Quote:
Originally Posted by cvaldes1831
I've found a compromise for my Mac. I install Flash, then sandbox it in one web browser, iCab. The rest of my applications behave as though Flash isn't installed.
I go further than that. No Flash in my browser (so that I never report as having Flash to any website) and then if I MUST view a Flash element, I just download it and play it here:
The Flash Projector standalone application. That's obviously not the icon it comes with. I just found it fitting.
Quote:
Originally Posted by Slurpy
Seems like I read about a flash exploit every 2 days. Fucking amazing. The sooner the platform is completely dead and irrelevant, the better. Not sure where we'd be without Apple who dealt it some fatal blows. SJ was completely right to keep flash off iOS.
How does a 99% install base and continued adoption and development constitute a fatal blow? Why is everyone on this board blind? You'd rather have slow security updates maybe?
Quote:
Originally Posted by mstone
If HTML5 wasn't such a pain in the ass to develop, Flash would be irrelevant, except for a few nice features that are unique to Flash and Java.
HTML5 compared to Flash is like building your own electric vehicle and your own solar panel which takes 12 hours of sun to charge the battery so you can drive 20 miles an hour with a range of 10 miles.
But what the heck, it doesn't require any gasoline so it must be better.
More than a few nice features. What people don't get is that HTML5 allows you to do more with Flash than you were able to do before, so nobody using Flash sees HTML5 as the enemy, yet the onslaught of ignorant apple fans continues to bemoan it as the greatest evil the world has ever faced. Flash has limits, but it's a pretty awesome piece of software. HTML5 has limits, but it's warmly welcomed by all web developers.
Quote:
Originally Posted by Tallest Skil
I go further than that. No Flash in my browser (so that I never report as having Flash to any website) and then if I MUST view a Flash element, I just download it and play it here:
The Flash Projector standalone application. That's obviously not the icon it comes with. I just found it fitting.
You're so awesome. I wish we could all be as awesome as you.
Quote:
Originally Posted by jeffreytgilbert
You're so awesome. I wish we could all be as awesome as you.
Having an opinion about Flash isn't report-worthy, you understand.
Several months ago I completely nuked Flash from Firefox and Safari. Life has never been better. I just have it on Chrome for those, ahem, videos. Let me just say that iPad and HTML5 adult entertainment has large (pun unintended) opportunities still.
Quote:
Originally Posted by Tallest Skil
I go further than that. No Flash in my browser (so that I never report as having Flash to any website) and then if I MUST view a Flash element, I just download it and play it here:
The Flash Projector standalone application. That's obviously not the icon it comes with. I just found it fitting.