or Connect
AppleInsider › Forums › Software › Mac OS X › Flash flaw could allow attackers to remotely control Macs and PCs, Adobe issues critical update
New Posts  All Forums:Forum Nav:

Flash flaw could allow attackers to remotely control Macs and PCs, Adobe issues critical update

post #1 of 48
Thread Starter 
Adobe on Tuesday released a security update for their Flash Player to address a vulnerability that could allow an attacker to remotely take control of users' computers, an exploit that the company says has been documented in the wild.

Adobe Flash Player


According to Adobe, both Mac and Windows machines running Flash Player version 12.0.0.43 or earlier are susceptible to the attack. Linux users are not immune, as the bug also affects Flash Player versions 11.2.202.335 and earlier on the platform.

Users can verify the Flash version installed on their system by visiting Adobe's About Flash Player page or right-clicking on Flash content and choosing "About Adobe Flash Player" from the contextual menu.

Windows and Mac users are urged to update to Flash Player 12.0.0.44 as soon as possible, while Linux users should install version 11.2.202.336. Flash Player plugins installed with Google's Chrome browser or Microsoft's Internet Explorer 10 or 11 will be automatically updated, Adobe says.

The bug --?assigned CVE code CVE-2014-0497 --?was reported by researchers Alexander Polyakov and Anton Ivanov of Kaspersky Labs.
post #2 of 48
This, and the horrendous toll on battery life, are why I don't have Flash installed on my MBA.
post #3 of 48

Can we finally just ditch Flash from the Internet ecosystem already, please?

post #4 of 48
What a joke, click Check Now for updates in the Flash PrefPane, and it says 12.0.0.38 is latest...

FAIL.
post #5 of 48

Flash = Adobe's evil twin.

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

  MA497LL/A FB463LL/A MC572LL/A FC060LL/A MD481LL/A MD388LL/A ME344LL/A

Reply

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

  MA497LL/A FB463LL/A MC572LL/A FC060LL/A MD481LL/A MD388LL/A ME344LL/A

Reply
post #6 of 48
Quote:
Originally Posted by jkichline View Post

This, and the horrendous toll on battery life, are why I don't have Flash installed on my MBA.

 

And for what?  A bunch of cheezy animated ads?  Shameful that this is Adobe's legacy.

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

  MA497LL/A FB463LL/A MC572LL/A FC060LL/A MD481LL/A MD388LL/A ME344LL/A

Reply

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

  MA497LL/A FB463LL/A MC572LL/A FC060LL/A MD481LL/A MD388LL/A ME344LL/A

Reply
post #7 of 48
Quote:
Originally Posted by libertyforall View Post

What a joke, click Check Now for updates in the Flash PrefPane, and it says 12.0.0.38 is latest...

FAIL.

Check again. 

Quote:

Originally Posted by jkichline View Post

This, and the horrendous toll on battery life, are why I don't have Flash installed on my MBA.

 

 

Quote:
Originally Posted by Ursadorable View Post
 

Can we finally just ditch Flash from the Internet ecosystem already, please?

 

 
Quote:
Originally Posted by John.B View Post
 

 

And for what?  A bunch of cheezy animated ads?  Shameful that this is Adobe's legacy.

 

Don't be ridiculous. It has a lot of useful and relevant applications...unfortunately those of you that are unaware of the world outside the Apple bubble have no idea and thus make comments like these.

 

Flash may suck, but it is still very important for a lot of sophisticated web applications and will continue to be for at least the next 5 years.

post #8 of 48

Is this for the "known" security issue or to patch the "unknown" NSA backdoor?  Oops.

post #9 of 48
Thank you Adobe for reminding everyone why your Flash product is the software equivalent of the Titanic taking on water.

I look forward to the day this trash product goes into the Internet history archives, where it should have been ages ago.
post #10 of 48
Quote:
Originally Posted by libertyforall View Post

What a joke, click Check Now for updates in the Flash PrefPane, and it says 12.0.0.38 is latest...

FAIL.

Mine found it. I have my settings to not run Flash unless I approve it but I can't believe how many websites have it running and it's not apparent where it's running. I can see the typical notification on some sites but other on other ones it's not as apparent.

post #11 of 48

Unfortunately, I do have experience with Flash. I was a system architect for an interactive design agency. I've worked in Flash and Flex development and after having done so, believe that it is a woeful technology that does not transition well in the mobile world. In addition I saw a number of projects overrun on budget and time due to the promise of faster development cycles on a nascent technology that were never realized. While Flash/Flex provided a better framework for building sophisticated apps, I think it many cases it is overkill and can be done more simply HTML 5, especially with modern frameworks such as JQuery, etc.

 

In addition, Flash does not run on mobile devices because if it's drawbacks and is thus irrelevant in the increasingly post-PC world.

post #12 of 48
Quote:
Originally Posted by pmz View Post




Don't be ridiculous. It has a lot of useful and relevant applications...unfortunately those of you that are unaware of the world outside the Apple bubble have no idea and thus make comments like these.

Flash may suck, but it is still very important for a lot of sophisticated web applications and will continue to be for at least the next 5 years.

No one disputes the importance of Adobe Flash especially prior to 2008 but the importance of Adobe Flash is declining rapidly. Companies that can't adjust will also see their products and services decline in importance over the next five years.
post #13 of 48
Quote:
Originally Posted by MacBook Pro View Post

No one disputes the importance of Adobe Flash especially prior to 2008 but the importance of Adobe Flash is declining rapidly. Companies that can't adjust will also see their products and services decline in importance over the next five years.

Precisely. When I'm on my iPad or iPhone and come across a Flash-only site, I don't blame Apple. I blame the website company and they lose my business. They need to wake up and get off this antiquated technology.
post #14 of 48
Quote:
Originally Posted by pmz View Post

[QUOTE name="jDon't be ridiculous. It has a lot of useful and relevant applications...unfortunately those of you that are unaware of the world outside the Apple bubble have no idea and thus make comments like these.

Flash may suck, but it is still very important for a lot of sophisticated web applications and will continue to be for at least the next 5 years.

Using 'Flash' and 'sophisticated web applications' in the same sentence seems odd. I don't see anything sophisticated about this software. Care to elaborate? Or is the answer right in front of me, but I simply can't see it as I don't have Flash installed on my Mac?
"Fibonacci: As easy as 1, 1, 2, 3..."
Reply
"Fibonacci: As easy as 1, 1, 2, 3..."
Reply
post #15 of 48

Is this really surprising, since Adobe's PDF source code was compromised and leaked onto the web... who knows how far it goes?

Proud AAPL stock owner.

 

GOA

Reply

Proud AAPL stock owner.

 

GOA

Reply
post #16 of 48

I wish the NY Times would lead by example and convert their videos to HTML5, and discard Flash.

 

They shouldn't wait until the day when they deliver a computer-controlling, hacked Flash video to their readers. You know that day is coming.

 

And anyone else serving Flash videos should be responsible as well.

 

 

And while we're on the subject of Adobe... their software rental-only policy!!!... (going red in the face).... (steam exiting ears)... They'll have to get my first $50 payment by pulling it out of my cold, dead hands!

post #17 of 48
Quote:
Originally Posted by pmz View Post
 

 

 

 

 

Don't be ridiculous. It has a lot of useful and relevant applications...unfortunately those of you that are unaware of the world outside the Apple bubble have no idea and thus make comments like these.

 

Flash may suck, but it is still very important for a lot of sophisticated web applications and will continue to be for at least the next 5 years.


It is used in applications, but more and more each day I can surf without flash turned on.   With the toll in battery life as well as the security risks it is safer off and turned on when needed.

post #18 of 48
Enough... uninstalled!
post #19 of 48
Another ploy by Adobe to get everyone to install the latest version of their Flash Player to increase the "installed base" numbers on their latest version to make it look like a viable platform to code to.
post #20 of 48
Quote:
Originally Posted by Ursadorable View Post
 

Can we finally just ditch Flash from the Internet ecosystem already, please?

Once you update, redo, or delete the millions of flash applets, plug ins, games, videos, etc. that have been posted, then sure!

post #21 of 48
Quote:
Originally Posted by stevenoz View Post
 

I wish the NY Times would lead by example and convert their videos to HTML5, and discard Flash.

 

They shouldn't wait until the day when they deliver a computer-controlling, hacked Flash video to their readers. You know that day is coming.

 

And anyone else serving Flash videos should be responsible as well.

 

 

And while we're on the subject of Adobe... their software rental-only policy!!!... (going red in the face).... (steam exiting ears)... They'll have to get my first $50 payment by pulling it out of my cold, dead hands!

Maybe you can beat them with your buggy whip!

post #22 of 48
Adobe Flash:

A virus that you can install on your computer with a secondary feature that displays stuff for you.
post #23 of 48
Quote:
Originally Posted by pmz View Post
 

Don't be ridiculous. It has a lot of useful and relevant applications...unfortunately those of you that are unaware of the world outside the Apple bubble have no idea and thus make comments like these.

 

I live my entire work life "outside the Apple bubble".

 

Quote:
Originally Posted by pmz View Post

Flash may suck, but it is still very important for a lot of sophisticated web applications and will continue to be for at least the next 5 years.

 

I'm guessing the Flash developer among us just outed himself.     :lol:

 

And, yes, it is shameful that Adobe let this become their legacy.   On any given day, go to bing.com/news or (heaven forbid) news.google.com, type "Adobe" in the search box, and count the ratio of stories about Flash vulnerabilities to the total.   On second thought, "shameful" might be an understatement.

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

  MA497LL/A FB463LL/A MC572LL/A FC060LL/A MD481LL/A MD388LL/A ME344LL/A

Reply

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

  MA497LL/A FB463LL/A MC572LL/A FC060LL/A MD481LL/A MD388LL/A ME344LL/A

Reply
post #24 of 48
Quote:
Originally Posted by John.B View Post
 

 

I live my entire work life "outside the Apple bubble".

 

 

I'm guessing the Flash developer among us just outed himself.     :lol:

 

And, yes, it is shameful that Adobe let this become their legacy.   On any given day, go to bing.com/news or (heaven forbid) news.google.com, type "Adobe" in the search box, and count the ratio of stories about Flash vulnerabilities to the total.   On second thought, "shameful" might be an understatement.

 

I may not technically be a Flash developer, but I certainly work with several, and they are still able to do things in the swf that html5 cannot. Yet, I don't know a single Flash developer that doesn't have an "HTML5 plan" for the next few years.

 

While the Apple-ites (of which I'm normally one) seem to think Flash is dead...the reality it, No. Its not. Not yet. But in approximately 5 years, it will be, mostly dead.

post #25 of 48
Quote:
Originally Posted by pmz View Post
 

I may not technically be a Flash developer, but I certainly work with several, and they are still able to do things in the swf that html5 cannot. Yet, I don't know a single Flash developer that doesn't have an "HTML5 plan" for the next few years.

 

Five years?  How do Flash developers reach mobile users today?

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

  MA497LL/A FB463LL/A MC572LL/A FC060LL/A MD481LL/A MD388LL/A ME344LL/A

Reply

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

  MA497LL/A FB463LL/A MC572LL/A FC060LL/A MD481LL/A MD388LL/A ME344LL/A

Reply
post #26 of 48
Quote:
Originally Posted by Conrail View Post

Maybe you can beat them with your buggy whip!
Why not, they beat us with their buggy software daily... 1wink.gif
NoahJ
"It is unwise to be too sure of one's own wisdom. It is healthy to be reminded that the strongest might weaken and the wisest might err." - Mahatma Gandhi
Reply
NoahJ
"It is unwise to be too sure of one's own wisdom. It is healthy to be reminded that the strongest might weaken and the wisest might err." - Mahatma Gandhi
Reply
post #27 of 48

There's something that I can't understand. Google owns Android and Youtube. Facebook's mobile apps is becoming increasingly important...

A) Why do we have flash ads and every single embedded video as flash on facebook;

B) Why most youtube videos can't be seem without flash because flash ads won't load;

C) Why does Chrome, a great browser (second only behind safari 7 for mac), still brings flash to kill our smoothness and battery life? To please useless gamers that demand it because of what I mentioned above?

 

Just kill the damn thing. I refuse to install it on safari.

Together with having an Android phone, flash is one reason to install Chrome.

post #28 of 48
Quote:
Originally Posted by John.B View Post

Five years?  How do Flash developers reach mobile users today?

I believe the reason some of us refer to a continued lifespan of another five years for Adobe Flash is enterprise applications. Unfortunately, many enterprise applications still require Adobe Flash for some functionality. Changing enterprise application vendors is almost never any easy proposition.
post #29 of 48
FLASH WHO???
post #30 of 48
Adobe Flash is still viable for video because so many users are still on an older version of Internet Explorer. If all those Explorer people would upgrade we could get rid of Flash for video.

It is still the most powerful platform for animation and some graphics based applications for which there is no easy substitute, but for video it should be retired.

The main problem with Flash is that it has too much power. It can read and write files, connect to databases, send mail, etc. That is where they get into trouble. It just has too much capability in a single package which opens a lot of security risks.

But Adobe is ready in the wings to take control of video once again though, with Primetime, their latest video format that will be compatible with virtually everything including iOS and is much more locked down than Flash because it will run from their servers not in the open Internet . It will still require a standalone player app. This is mainly for big sites not small startups. It has analytics, ads, DRM etc, etc. so the Adobe haters will enjoy many more years of whining even after the demise of Flash.

Life is too short to drink bad coffee.

Reply

Life is too short to drink bad coffee.

Reply
post #31 of 48

Hey Adobe.  Your last-century antique software sucks.

Sent from my iPhone Simulator

Reply

Sent from my iPhone Simulator

Reply
post #32 of 48
Quote:
Originally Posted by mstone View Post

Adobe Flash is still viable for video because so many users are still on an older version of Internet Explorer. If all those Explorer people would upgrade we could get rid of Flash for video.

It is still the most powerful platform for animation and some graphics based applications for which there is no easy substitute, but for video it should be retired.

The main problem with Flash is that it has too much power. It can read and write files, connect to databases, send mail, etc. That is where they get into trouble. It just has too much capability in a single package which opens a lot of security risks.

But Adobe is ready in the wings to take control of video once again though, with Primetime, their latest video format that will be compatible with virtually everything including iOS and is much more locked down than Flash because it will run from their servers not in the open Internet . It will still require a standalone player app. This is mainly for big sites not small startups. It has analytics, ads, DRM etc, etc. so the Adobe haters will enjoy many more years of whining even after the demise of Flash.

 

Wow.  Just listen to this guy.

Sent from my iPhone Simulator

Reply

Sent from my iPhone Simulator

Reply
post #33 of 48

How does one turn off and on Flash without removing it from the system? I know it is a plug-in for Firefox. I don't see where to just turn it off and on easily. I also use Chrome when Firefox is too slow.

post #34 of 48
Quote:
Originally Posted by Smallwheels View Post
 

How does one turn off and on Flash without removing it from the system? I know it is a plug-in for Firefox. I don't see where to just turn it off and on easily. I also use Chrome when Firefox is too slow.

 

I'm on a PC at work at the moment, and I'm not sure things look the same on Chrome for Mac, but:

 

1. Settings

2. "Content Settings" under "Privacy"

3. "Disable individual plug-ins" under "Plug-ins"

4. Disable Flash

 

While you're there, if you happen to have the Adobe PDF viewer selected instead of Chrome's, switch to the Chrome one. It's faster and also less feature-rich, so probably more secure against attacks that target Adobe's crappy security measures.

post #35 of 48
Quote:
Originally Posted by Conrail View Post
 

Maybe you can beat them with your buggy whip!


What's a 'buggy whip'? You must be an old guy.

post #36 of 48

I haven't installed Flash on my system, and if I really need to view a site with Flash, I'll run Chrome, which has its own embedded Flash player.

post #37 of 48
Quote:
Originally Posted by pmz View Post
 

 

 

 

 

Don't be ridiculous. It has a lot of useful and relevant applications...unfortunately those of you that are unaware of the world outside the Apple bubble have no idea and thus make comments like these.

 

Flash may suck, but it is still very important for a lot of sophisticated web applications and will continue to be for at least the next 5 years.

 

This kind of "close enough, good enough" thinking that typifies the PC world, drives me crazy.

 

Flash might be easy to code for (debatable) but doesn't provide a good user experience - it's propriery, resource intensive does not allow the user to perform secondary click actions and creates yet another hidey hole for advertisers and trackers to snoop on the unwitting user.

post #38 of 48
Quote:
Originally Posted by Dunks View Post
 

This kind of "close enough, good enough" thinking that typifies the PC world, drives me crazy.

 

Flash might be easy to code for (debatable) but doesn't provide a good user experience - it's propriery, resource intensive does not allow the user to perform secondary click actions and creates yet another hidey hole for advertisers and trackers to snoop on the unwitting user.

Totally agree. Flash was not designed originally to be an advertiser hidey hole medium. It was an evolution of Director, AuthorWare, and Future Splash all designed as simple straight forward  multimedia delivery tools mostly for disc based animation. It just got perverted once the Internet became available. As the video wars erupted Flash became the ubiquitous refuge for content providers, but the underlying feature set made it a prime target for abuse.

 

In the early days the video wars were about QuickTime, AVI, and RealPlayer. As the medium evolved both Micosoft and Apple developed streaming servers and eventually squeezed out Real. When Macromedia introduced Flash as an alternative to the two warring heavyweights nobody complained and within a very short time it became the video delivery platform of choice.

 

It wasn't until the introduction of iPhone did that standard become disrupted.

 

Now the video wars are even more troublesome than in the early days. As developers, it has come down to only one practical solution. Everything must be delivered through YouTube. No longer can a solo developer host their own video. You need around 20 different versions of every clip. One for each codec, WebM, H.264, Ogg, and Flash for older browsers, and also in several different resolutions depending on the device and the connection speed.  It is a nightmare. Fortunately YouTube takes care of all the backend issues, which is great so long as you want all your video hosted there.

 

Flash Player is like any other software. The more features you pack into it the bigger the power and memory overhead is going to be. Every software is subject to exploitation and will need updates. Apple , Microsoft and Adobe all issue security updates on a routine basis. Bottom line is that if you don't like Adobe, Apple or Microsoft software, you don't have to use them, but some content may not be available depending on your choices.


Edited by mstone - 2/4/14 at 10:53pm

Life is too short to drink bad coffee.

Reply

Life is too short to drink bad coffee.

Reply
post #39 of 48
Quote:
Originally Posted by Smallwheels View Post

How does one turn off and on Flash without removing it from the system? I know it is a plug-in for Firefox. I don't see where to just turn it off and on easily. I also use Chrome when Firefox is too slow.

http://clicktoflash.com/
"Fibonacci: As easy as 1, 1, 2, 3..."
Reply
"Fibonacci: As easy as 1, 1, 2, 3..."
Reply
post #40 of 48
Quote:
Originally Posted by Danox View Post

FLASH WHO???

 

Flash Ah-A, saviour of the Universe.

New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Mac OS X
  • Flash flaw could allow attackers to remotely control Macs and PCs, Adobe issues critical update
AppleInsider › Forums › Software › Mac OS X › Flash flaw could allow attackers to remotely control Macs and PCs, Adobe issues critical update