Adobe releases Flash update to address new attacks on Mac and Windows

Posted:
in macOS edited January 2014
In a security advisory published on Thursday, Adobe announced the immediate availability of a patch covering two newly discovered Flash vulnerabilities that are being exploited "in the wild."

Flash


The two bugs, one affecting Apple's Mac platform and another attacking Microsoft's Windows, exploit certain Flash player vulnerabilities to install malware onto users' systems, reports ArsTechnica. While users of other operating systems like Linux have yet to report attacks, Adobe's advisory notes the exploit affects all platforms.

Designated as CVE-2013-0634, the first vulnerability targets the Safari and Firefox Web browsers running on OS X, and is also being used as a trojan to deploy Microsoft Word documents containing malware. For Mac users, the flaw affects Adobe Flash Player version 11.5.502.146 or earlier.

From Adobe's release:
Adobe is also aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.
The second bug, cataloged as CVE-2013-0633, only affects Windows machines and uses a similar Microsoft Word document trojan to execute attacks.

The Adobe Flash patch can be found on the company's website, and users can visit this page to check if their software is the most curent 11.5.502.149 version.

Comments

  • Reply 1 of 11
    robmrobm Posts: 1,068member


    uhh - thanks Adobe, I guess.


    Why not do the world a favour and just send it the way of GoLive, Freehand ...


     


    Send a clear message to all the flash coderz - it's dead, no longer supported.


     


    Sent from my iPad

  • Reply 2 of 11
    nasseraenasserae Posts: 3,167member


    Removed Flash from my Mac more than two years ago. No more crashes, freezes.. etc. No problems.

  • Reply 3 of 11
    robmrobm Posts: 1,068member


    heh, my kids would kill me !

  • Reply 4 of 11
    jkichlinejkichline Posts: 1,369member


    I said it in 2009. Flash is dead. Please just kill it already Adobe.

  • Reply 5 of 11
    asciiascii Posts: 5,936member


    If YouTube released a Mac app like they did for the iPad a lot less people would need Flash. They can't just use the HTML5 player because it doesn't support DRM but with their own app they could do whatever their copyright sensitive clients required.

  • Reply 6 of 11
    dysamoriadysamoria Posts: 3,430member
    When will Adobe release a version of Flash that's faster and lighter on resources??
  • Reply 7 of 11


    Originally Posted by dysamoria View Post

    …a version of Flash that's faster and lighter on resources??


     


    Does… not… compute!

  • Reply 8 of 11
    mstonemstone Posts: 11,510member

    Quote:

    Originally Posted by RobM View Post


    uhh - thanks Adobe, I guess.


    Why not do the world a favour and just send it the way of GoLive, Freehand ...


     


    Send a clear message to all the flash coderz - it's dead, no longer supported.


     


    Sent from my iPad



    There is no equivalent replacement for Flash as there was with GoLive and Freehand. Dreamweaver and Illustrator were superior applications anyway. Flash has capabilities that exceed HTML5 by a leaps and bounds. Playing video in Flash is only necessary for IE<9 so that should be on the way out. HTML 5 is really not quite as easy to code even in the areas where it can approach the same functionality as Flash. Adobe just need to fix Flash for the people who still want to use it. That said there are only a few circumstances where it makes sense to use Flash.


    Quote:

    Originally Posted by ascii View Post


    If YouTube released a Mac app like they did for the iPad a lot less people would need Flash. They can't just use the HTML5 player because it doesn't support DRM but with their own app they could do whatever their copyright sensitive clients required.



    It is already possible but developers do not want to do it because they want the video embedded in the web page in order to display other advertising. Flash has always provided the ability to create a runtime executable which is essentially an app. The problem is that Flash is such a powerful application that it is difficult to completely sandbox it on a desktop computer so the same vulnerabilities would exist whether the Flash application is in a browser or a stand alone desktop application. The content is still being provided from untrusted sources.

  • Reply 9 of 11
    bigmac2bigmac2 Posts: 639member

    Quote:

    Originally Posted by ascii View Post


    If YouTube released a Mac app like they did for the iPad a lot less people would need Flash. They can't just use the HTML5 player because it doesn't support DRM but with their own app they could do whatever their copyright sensitive clients required.



     


    I use the excellent Clicktoplugin (formally clicktoflash) for viewing HTML5 feed on youtube, great tool for ripping Youtube video btw.

  • Reply 10 of 11
    bigmac2bigmac2 Posts: 639member

    Quote:

    Originally Posted by mstone View Post


    There is no equivalent replacement for Flash as there was with GoLive and Freehand. Dreamweaver and Illustrator were superior applications anyway. Flash has capabilities that exceed HTML5 by a leaps and bounds. Playing video in Flash is only necessary for IE<9 so that should be on the way out. HTML 5 is really not quite as easy to code even in the areas where it can approach the same functionality as Flash. Adobe just need to fix Flash for the people who still want to use it. That said there are only a few circumstances where it makes sense to use Flash.


    It is already possible but developers do not want to do it because they want the video embedded in the web page in order to display other advertising. Flash has always provided the ability to create a runtime executable which is essentially an app. The problem is that Flash is such a powerful application that it is difficult to completely sandbox it on a desktop computer so the same vulnerabilities would exist whether the Flash application is in a browser or a stand alone desktop application. The content is still being provided from untrusted sources.



     


    There is many great HTML5 authoring tools like Hype already.  I've got many issue with Flash content around the web, for me using flash as a video player is absurd and inefficient, but even worst flash have been a way to track users without their knowledge, flash cookies are outside browsers controls and do not depend on browsers security setting.  Ads tracking have been one key features in flash popularity around the web and the reason why Google has built-in flash within their browsers.

  • Reply 11 of 11
    Adobe has a great resource doc, with beautiful Retina screendumps ¡

    [IMG ALT=""]http://forums.appleinsider.com/content/type/61/id/20386/width/500/height/1000[/IMG]
Sign In or Register to comment.