Adobe identifies major Flash Player vulnerability, says exploit being used in real-world attacks
Adobe has discovered a "critical" vulnerability affecting many recent versions of Flash Player, according to a new security bulletin, which warns that the exploit is already in use by hackers.
The unspecified flaw is being employed in "limited, targeted attacks," Adobe said. Affected Flash versions include 19.0.0.207 and earlier for Mac and Windows, any 18.x update of the Extended Support Release, and any 11.x version for Linux.
The exploit can potentially cause a person's computer to crash, or given an attacker system control. Adobe says that it's developing a fix, which it hopes will be available sometime next week.
Apple has consciously avoided pre-installing Flash on Macs for years, citing the potential security threats involved. Indeed the company has chosen to leave Oracle's Java off of Macs for the same reason.
Flash has also become increasingly less relevant, often supplanted by technologies such as HTML5 video. The plugin is completely absent and unavailable in the iOS version of Safari.
The unspecified flaw is being employed in "limited, targeted attacks," Adobe said. Affected Flash versions include 19.0.0.207 and earlier for Mac and Windows, any 18.x update of the Extended Support Release, and any 11.x version for Linux.
The exploit can potentially cause a person's computer to crash, or given an attacker system control. Adobe says that it's developing a fix, which it hopes will be available sometime next week.
Apple has consciously avoided pre-installing Flash on Macs for years, citing the potential security threats involved. Indeed the company has chosen to leave Oracle's Java off of Macs for the same reason.
Flash has also become increasingly less relevant, often supplanted by technologies such as HTML5 video. The plugin is completely absent and unavailable in the iOS version of Safari.
Comments
After Steve Jobs drove a stake through Flash's heart, it's been a walking deadman lurching about the landscape...
Everyone should either not install Flash or use Click-to-Flash if necessary (and only with trusted websites).
People still install Flash? That's akin to emulating Bruce Willis' character north of 125th Street in Die Hard III.
A lot of our mandatory online training requires Flash, so it's impossible to avoid in some settings. In this case a univeristy, might be similar for a lot of enterprise.
Mostly its disabled, but I had to use Flash just last night . It's still out there…
Exactly - the problem is that some websites just refuse to replace Flash. Is ClickToFlash really built in a way that avoids the exploits? I imagine if it's built on the same architecture, it has the same vulnerabilities; it's only real advantage is letting you suppress the Flash until you have to run it.
"I'm shocked, shocked to find out there is gambling going on in here."
And the die-hard, iHating Flash-lovers are conveniently no where to be found...
I just took the time to read Steve Job's "Thoughts on Flash". Still as relevant today as in 2010. I think Adobe should just fix Flash and then stop supporting it. http://www.apple.com/hotnews/thoughts-on-flash/
There are still some dumb systems at work where I have no choice but to work with this POS (which does not stand for 'piece of software')....
What's new! This happens on a monthly basis it seems.
These f'ing s-for-brains. I just installed 19.0.0.207 last night (release day).
I f'ing hate having it installed, and I have it blocked for every site except for the 1 or 2 that I absolutely (begrudgingly) have to use it for.
PLEASE just shoot this thing.
Surprise! surprise!!!!
Adobe should truly be ashamed for continuing use of this botched app called "Flash". Apple has always done the right (and at times unpopular) decisions to end software / hardware that truly needed to die off. Adobe doesn't seem to have the chops to say "enough is enough" for some strange reason.
The conspiracy-theorist in me thinks that Adobe doesn't want to kill it off because that would in the end send a message that Steve Jobs was right all along and they don't want to admit that and have pie on its face.
End-of-life this garbage now!
I
Am
So
Surprised.
Next there will be another update to Windows for security purposes this week.
Any other method of interactive content is less widely supported on the desktop, more feature-limited, and less rapid (thus more expensive) to develop for.
Thankfully, Flash is not on mobile at ALL, which will keep pushing it towards the end.
Or Adobe will get Flash to export to HTML5 really well, which would be a great outcome.
I'm surprised that Apple hasn't blocked the latest version yet. Maybe they are waiting for a new release to come out first? Or maybe it's because Macs only check for updates once a day, and that update has already passed today?
But but but its not the "real Internet" without Flash!