Adobe identifies major Flash Player vulnerability, says exploit being used in real-world attacks

Posted:
in Mac Software edited October 2015
Adobe has discovered a "critical" vulnerability affecting many recent versions of Flash Player, according to a new security bulletin, which warns that the exploit is already in use by hackers.




The unspecified flaw is being employed in "limited, targeted attacks," Adobe said. Affected Flash versions include 19.0.0.207 and earlier for Mac and Windows, any 18.x update of the Extended Support Release, and any 11.x version for Linux.

The exploit can potentially cause a person's computer to crash, or given an attacker system control. Adobe says that it's developing a fix, which it hopes will be available sometime next week.

Apple has consciously avoided pre-installing Flash on Macs for years, citing the potential security threats involved. Indeed the company has chosen to leave Oracle's Java off of Macs for the same reason.

Flash has also become increasingly less relevant, often supplanted by technologies such as HTML5 video. The plugin is completely absent and unavailable in the iOS version of Safari.
«13

Comments

  • Reply 1 of 46
    People still install Flash? That's akin to emulating Bruce Willis' character north of 125th Street in Die Hard III.
  • Reply 2 of 46
    damonfdamonf Posts: 229member
    A fix.... next week? The executives in charge of Flash shouldn't get a bonus this year, in my opinion. Several zero-day exploits this year. Flash itself should die and rot in hell.
  • Reply 3 of 46
    This "bag of hurt" just won't die... Why don't Adobe just announce it is stopping all support?

    After Steve Jobs drove a stake through Flash's heart, it's been a walking deadman lurching about the landscape...
  • Reply 4 of 46
    mcarlingmcarling Posts: 1,106member

    Everyone should either not install Flash or use Click-to-Flash if necessary (and only with trusted websites).

  • Reply 5 of 46
    cornchipcornchip Posts: 1,945member
    Mostly its disabled, but I had to use Flash just last night :(. It's still out there…
  • Reply 6 of 46
    jfc1138jfc1138 Posts: 3,090member
    Quote:

    Originally Posted by rpeters View Post



    People still install Flash? That's akin to emulating Bruce Willis' character north of 125th Street in Die Hard III.



    A lot of our mandatory online training requires Flash, so it's impossible to avoid in some settings. In this case a univeristy, might be similar for a lot of enterprise.

  • Reply 7 of 46
    Quote:

    Originally Posted by cornchip View Post



    Mostly its disabled, but I had to use Flash just last night image. It's still out there…

    Exactly - the problem is that some websites just refuse to replace Flash. Is ClickToFlash really built in a way that avoids the exploits? I imagine if it's built on the same architecture, it has the same vulnerabilities; it's only real advantage is letting you suppress the Flash until you have to run it.

  • Reply 8 of 46
    eightzeroeightzero Posts: 3,056member

    "I'm shocked, shocked to find out there is gambling going on in here."

  • Reply 9 of 46
    sflocalsflocal Posts: 6,092member

    And the die-hard, iHating Flash-lovers are conveniently no where to be found...

  • Reply 10 of 46
    knowitallknowitall Posts: 1,648member
    Time to abandon this bug sinkhole called Flash.
  • Reply 11 of 46
    jkichlinejkichline Posts: 1,369member

    I just took the time to read Steve Job's "Thoughts on Flash".  Still as relevant today as in 2010. I think Adobe should just fix Flash and then stop supporting it. http://www.apple.com/hotnews/thoughts-on-flash/

  • Reply 12 of 46

    There are still some dumb systems at work where I have no choice but to work with this POS (which does not stand for 'piece of software')....

  • Reply 13 of 46
    boltsfan17boltsfan17 Posts: 2,294member

    What's new! This happens on a monthly basis it seems. 

  • Reply 14 of 46
    bobschlobbobschlob Posts: 1,074member

    These f'ing  s-for-brains. I just installed 19.0.0.207 last night (release day).

    I f'ing hate having it installed, and I have it blocked for every site except for the 1 or 2 that I absolutely (begrudgingly) have to use it for.

    PLEASE just shoot this thing.

  • Reply 15 of 46

    Surprise! surprise!!!!

  • Reply 16 of 46
    sflocalsflocal Posts: 6,092member

    Adobe should truly be ashamed for continuing use of this botched app called "Flash".  Apple has always done the right (and at times unpopular) decisions to end software / hardware that truly needed to die off.  Adobe doesn't seem to have the chops to say "enough is enough" for some strange reason.



    The conspiracy-theorist in me thinks that Adobe doesn't want to kill it off because that would in the end send a message that Steve Jobs was right all along and they don't want to admit that and have pie on its face.



    End-of-life this garbage now!

  • Reply 17 of 46
    dysamoriadysamoria Posts: 3,430member
    Really?
    I
    Am
    So

    Surprised.


    Next there will be another update to Windows for security purposes this week.
  • Reply 18 of 46
    nagrommenagromme Posts: 2,834member
    Sad to say, for some interactive content, Flash is cheap to develop and runs on all Macs and PCs, even ones with older browsers.

    Any other method of interactive content is less widely supported on the desktop, more feature-limited, and less rapid (thus more expensive) to develop for.

    Thankfully, Flash is not on mobile at ALL, which will keep pushing it towards the end.

    Or Adobe will get Flash to export to HTML5 really well, which would be a great outcome.
  • Reply 19 of 46
    coolfactorcoolfactor Posts: 2,239member

    I'm surprised that Apple hasn't blocked the latest version yet. Maybe they are waiting for a new release to come out first? Or maybe it's because Macs only check for updates once a day, and that update has already passed today?

  • Reply 20 of 46
    sflocal wrote: »
    Adobe should truly be ashamed for continuing use of this botched app called "Flash".  Apple has always done the right (and at times unpopular) decisions to end software / hardware that truly needed to die off.  Adobe doesn't seem to have the chops to say "enough is enough" for some strange reason.


    The conspiracy-theorist in me thinks that Adobe doesn't want to kill it off because that would in the end send a message that Steve Jobs was right all along and they don't want to admit that and have pie on its face.


    End-of-life this garbage now!

    But but but its not the "real Internet" without Flash!
Sign In or Register to comment.