or Connect
AppleInsider › Forums › Software › Mac OS X › Adobe releases Flash update to address new attacks on Mac and Windows
New Posts  All Forums:Forum Nav:

Adobe releases Flash update to address new attacks on Mac and Windows

post #1 of 12
Thread Starter 
In a security advisory published on Thursday, Adobe announced the immediate availability of a patch covering two newly discovered Flash vulnerabilities that are being exploited "in the wild."

Flash


The two bugs, one affecting Apple's Mac platform and another attacking Microsoft's Windows, exploit certain Flash player vulnerabilities to install malware onto users' systems, reports ArsTechnica. While users of other operating systems like Linux have yet to report attacks, Adobe's advisory notes the exploit affects all platforms.

Designated as CVE-2013-0634, the first vulnerability targets the Safari and Firefox Web browsers running on OS X, and is also being used as a trojan to deploy Microsoft Word documents containing malware. For Mac users, the flaw affects Adobe Flash Player version 11.5.502.146 or earlier.

From Adobe's release:

Adobe is also aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.

The second bug, cataloged as CVE-2013-0633, only affects Windows machines and uses a similar Microsoft Word document trojan to execute attacks.

The Adobe Flash patch can be found on the company's website, and users can visit this page to check if their software is the most curent 11.5.502.149 version.
post #2 of 12

uhh - thanks Adobe, I guess.

Why not do the world a favour and just send it the way of GoLive, Freehand ...

 

Send a clear message to all the flash coderz - it's dead, no longer supported.

 

Sent from my iPad

post #3 of 12

Removed Flash from my Mac more than two years ago. No more crashes, freezes.. etc. No problems.

post #4 of 12

heh, my kids would kill me !

post #5 of 12

I said it in 2009. Flash is dead. Please just kill it already Adobe.

post #6 of 12

If YouTube released a Mac app like they did for the iPad a lot less people would need Flash. They can't just use the HTML5 player because it doesn't support DRM but with their own app they could do whatever their copyright sensitive clients required.

post #7 of 12
When will Adobe release a version of Flash that's faster and lighter on resources??
post #8 of 12
Originally Posted by dysamoria View Post
…a version of Flash that's faster and lighter on resources??

 

Does… not… compute!

Originally Posted by helia

I can break your arm if I apply enough force, but in normal handshaking this won't happen ever.
Reply

Originally Posted by helia

I can break your arm if I apply enough force, but in normal handshaking this won't happen ever.
Reply
post #9 of 12
Quote:
Originally Posted by RobM View Post

uhh - thanks Adobe, I guess.

Why not do the world a favour and just send it the way of GoLive, Freehand ...

 

Send a clear message to all the flash coderz - it's dead, no longer supported.

 

Sent from my iPad

There is no equivalent replacement for Flash as there was with GoLive and Freehand. Dreamweaver and Illustrator were superior applications anyway. Flash has capabilities that exceed HTML5 by a leaps and bounds. Playing video in Flash is only necessary for IE<9 so that should be on the way out. HTML 5 is really not quite as easy to code even in the areas where it can approach the same functionality as Flash. Adobe just need to fix Flash for the people who still want to use it. That said there are only a few circumstances where it makes sense to use Flash.

Quote:
Originally Posted by ascii View Post

If YouTube released a Mac app like they did for the iPad a lot less people would need Flash. They can't just use the HTML5 player because it doesn't support DRM but with their own app they could do whatever their copyright sensitive clients required.

It is already possible but developers do not want to do it because they want the video embedded in the web page in order to display other advertising. Flash has always provided the ability to create a runtime executable which is essentially an app. The problem is that Flash is such a powerful application that it is difficult to completely sandbox it on a desktop computer so the same vulnerabilities would exist whether the Flash application is in a browser or a stand alone desktop application. The content is still being provided from untrusted sources.

Life is too short to drink bad coffee.

Reply

Life is too short to drink bad coffee.

Reply
post #10 of 12
Quote:
Originally Posted by ascii View Post

If YouTube released a Mac app like they did for the iPad a lot less people would need Flash. They can't just use the HTML5 player because it doesn't support DRM but with their own app they could do whatever their copyright sensitive clients required.

 

I use the excellent Clicktoplugin (formally clicktoflash) for viewing HTML5 feed on youtube, great tool for ripping Youtube video btw.

post #11 of 12
Quote:
Originally Posted by mstone View Post

There is no equivalent replacement for Flash as there was with GoLive and Freehand. Dreamweaver and Illustrator were superior applications anyway. Flash has capabilities that exceed HTML5 by a leaps and bounds. Playing video in Flash is only necessary for IE<9 so that should be on the way out. HTML 5 is really not quite as easy to code even in the areas where it can approach the same functionality as Flash. Adobe just need to fix Flash for the people who still want to use it. That said there are only a few circumstances where it makes sense to use Flash.

It is already possible but developers do not want to do it because they want the video embedded in the web page in order to display other advertising. Flash has always provided the ability to create a runtime executable which is essentially an app. The problem is that Flash is such a powerful application that it is difficult to completely sandbox it on a desktop computer so the same vulnerabilities would exist whether the Flash application is in a browser or a stand alone desktop application. The content is still being provided from untrusted sources.

 

There is many great HTML5 authoring tools like Hype already.  I've got many issue with Flash content around the web, for me using flash as a video player is absurd and inefficient, but even worst flash have been a way to track users without their knowledge, flash cookies are outside browsers controls and do not depend on browsers security setting.  Ads tracking have been one key features in flash popularity around the web and the reason why Google has built-in flash within their browsers.


Edited by BigMac2 - 2/8/13 at 11:31am
post #12 of 12
Adobe has a great resource doc, with beautiful Retina screendumps ¡

How to enter the Apple logo  on iOS:
/Settings/Keyboard/Shortcut and paste in  which you copied from an email draft or a note. Screendump
Reply
How to enter the Apple logo  on iOS:
/Settings/Keyboard/Shortcut and paste in  which you copied from an email draft or a note. Screendump
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Mac OS X
AppleInsider › Forums › Software › Mac OS X › Adobe releases Flash update to address new attacks on Mac and Windows