Adobe releases Flash update to address new attacks on Mac and Windows
In a security advisory published on Thursday, Adobe announced the immediate availability of a patch covering two newly discovered Flash vulnerabilities that are being exploited "in the wild."
The two bugs, one affecting Apple's Mac platform and another attacking Microsoft's Windows, exploit certain Flash player vulnerabilities to install malware onto users' systems, reports ArsTechnica. While users of other operating systems like Linux have yet to report attacks, Adobe's advisory notes the exploit affects all platforms.
Designated as CVE-2013-0634, the first vulnerability targets the Safari and Firefox Web browsers running on OS X, and is also being used as a trojan to deploy Microsoft Word documents containing malware. For Mac users, the flaw affects Adobe Flash Player version 11.5.502.146 or earlier.
From Adobe's release:
The Adobe Flash patch can be found on the company's website, and users can visit this page to check if their software is the most curent 11.5.502.149 version.
The two bugs, one affecting Apple's Mac platform and another attacking Microsoft's Windows, exploit certain Flash player vulnerabilities to install malware onto users' systems, reports ArsTechnica. While users of other operating systems like Linux have yet to report attacks, Adobe's advisory notes the exploit affects all platforms.
Designated as CVE-2013-0634, the first vulnerability targets the Safari and Firefox Web browsers running on OS X, and is also being used as a trojan to deploy Microsoft Word documents containing malware. For Mac users, the flaw affects Adobe Flash Player version 11.5.502.146 or earlier.
From Adobe's release:
The second bug, cataloged as CVE-2013-0633, only affects Windows machines and uses a similar Microsoft Word document trojan to execute attacks.Adobe is also aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.
The Adobe Flash patch can be found on the company's website, and users can visit this page to check if their software is the most curent 11.5.502.149 version.
Comments
uhh - thanks Adobe, I guess.
Why not do the world a favour and just send it the way of GoLive, Freehand ...
Send a clear message to all the flash coderz - it's dead, no longer supported.
Sent from my iPad
Removed Flash from my Mac more than two years ago. No more crashes, freezes.. etc. No problems.
heh, my kids would kill me !
I said it in 2009. Flash is dead. Please just kill it already Adobe.
If YouTube released a Mac app like they did for the iPad a lot less people would need Flash. They can't just use the HTML5 player because it doesn't support DRM but with their own app they could do whatever their copyright sensitive clients required.
Originally Posted by dysamoria
…a version of Flash that's faster and lighter on resources??
Does… not… compute!
Quote:
Originally Posted by RobM
uhh - thanks Adobe, I guess.
Why not do the world a favour and just send it the way of GoLive, Freehand ...
Send a clear message to all the flash coderz - it's dead, no longer supported.
Sent from my iPad
There is no equivalent replacement for Flash as there was with GoLive and Freehand. Dreamweaver and Illustrator were superior applications anyway. Flash has capabilities that exceed HTML5 by a leaps and bounds. Playing video in Flash is only necessary for IE<9 so that should be on the way out. HTML 5 is really not quite as easy to code even in the areas where it can approach the same functionality as Flash. Adobe just need to fix Flash for the people who still want to use it. That said there are only a few circumstances where it makes sense to use Flash.
Quote:
Originally Posted by ascii
If YouTube released a Mac app like they did for the iPad a lot less people would need Flash. They can't just use the HTML5 player because it doesn't support DRM but with their own app they could do whatever their copyright sensitive clients required.
It is already possible but developers do not want to do it because they want the video embedded in the web page in order to display other advertising. Flash has always provided the ability to create a runtime executable which is essentially an app. The problem is that Flash is such a powerful application that it is difficult to completely sandbox it on a desktop computer so the same vulnerabilities would exist whether the Flash application is in a browser or a stand alone desktop application. The content is still being provided from untrusted sources.
Quote:
Originally Posted by ascii
If YouTube released a Mac app like they did for the iPad a lot less people would need Flash. They can't just use the HTML5 player because it doesn't support DRM but with their own app they could do whatever their copyright sensitive clients required.
I use the excellent Clicktoplugin (formally clicktoflash) for viewing HTML5 feed on youtube, great tool for ripping Youtube video btw.
Quote:
Originally Posted by mstone
There is no equivalent replacement for Flash as there was with GoLive and Freehand. Dreamweaver and Illustrator were superior applications anyway. Flash has capabilities that exceed HTML5 by a leaps and bounds. Playing video in Flash is only necessary for IE<9 so that should be on the way out. HTML 5 is really not quite as easy to code even in the areas where it can approach the same functionality as Flash. Adobe just need to fix Flash for the people who still want to use it. That said there are only a few circumstances where it makes sense to use Flash.
It is already possible but developers do not want to do it because they want the video embedded in the web page in order to display other advertising. Flash has always provided the ability to create a runtime executable which is essentially an app. The problem is that Flash is such a powerful application that it is difficult to completely sandbox it on a desktop computer so the same vulnerabilities would exist whether the Flash application is in a browser or a stand alone desktop application. The content is still being provided from untrusted sources.
There is many great HTML5 authoring tools like Hype already. I've got many issue with Flash content around the web, for me using flash as a video player is absurd and inefficient, but even worst flash have been a way to track users without their knowledge, flash cookies are outside browsers controls and do not depend on browsers security setting. Ads tracking have been one key features in flash popularity around the web and the reason why Google has built-in flash within their browsers.
[IMG ALT=""]http://forums.appleinsider.com/content/type/61/id/20386/width/500/height/1000[/IMG]