Flash flaw could allow attackers to remotely control Macs and PCs, Adobe issues critical update
Adobe on Tuesday released a security update for their Flash Player to address a vulnerability that could allow an attacker to remotely take control of users' computers, an exploit that the company says has been documented in the wild.
According to Adobe, both Mac and Windows machines running Flash Player version 12.0.0.43 or earlier are susceptible to the attack. Linux users are not immune, as the bug also affects Flash Player versions 11.2.202.335 and earlier on the platform.
Users can verify the Flash version installed on their system by visiting Adobe's About Flash Player page or right-clicking on Flash content and choosing "About Adobe Flash Player" from the contextual menu.
Windows and Mac users are urged to update to Flash Player 12.0.0.44 as soon as possible, while Linux users should install version 11.2.202.336. Flash Player plugins installed with Google's Chrome browser or Microsoft's Internet Explorer 10 or 11 will be automatically updated, Adobe says.
The bug --?assigned CVE code CVE-2014-0497 --?was reported by researchers Alexander Polyakov and Anton Ivanov of Kaspersky Labs.
According to Adobe, both Mac and Windows machines running Flash Player version 12.0.0.43 or earlier are susceptible to the attack. Linux users are not immune, as the bug also affects Flash Player versions 11.2.202.335 and earlier on the platform.
Users can verify the Flash version installed on their system by visiting Adobe's About Flash Player page or right-clicking on Flash content and choosing "About Adobe Flash Player" from the contextual menu.
Windows and Mac users are urged to update to Flash Player 12.0.0.44 as soon as possible, while Linux users should install version 11.2.202.336. Flash Player plugins installed with Google's Chrome browser or Microsoft's Internet Explorer 10 or 11 will be automatically updated, Adobe says.
The bug --?assigned CVE code CVE-2014-0497 --?was reported by researchers Alexander Polyakov and Anton Ivanov of Kaspersky Labs.
Comments
Can we finally just ditch Flash from the Internet ecosystem already, please?
FAIL.
Flash = Adobe's evil twin.
This, and the horrendous toll on battery life, are why I don't have Flash installed on my MBA.
And for what? A bunch of cheezy animated ads? Shameful that this is Adobe's legacy.
What a joke, click Check Now for updates in the Flash PrefPane, and it says 12.0.0.38 is latest...
FAIL.
Check again.
Quote:
This, and the horrendous toll on battery life, are why I don't have Flash installed on my MBA.
Can we finally just ditch Flash from the Internet ecosystem already, please?
And for what? A bunch of cheezy animated ads? Shameful that this is Adobe's legacy.
Don't be ridiculous. It has a lot of useful and relevant applications...unfortunately those of you that are unaware of the world outside the Apple bubble have no idea and thus make comments like these.
Flash may suck, but it is still very important for a lot of sophisticated web applications and will continue to be for at least the next 5 years.
Is this for the "known" security issue or to patch the "unknown" NSA backdoor? Oops.
I look forward to the day this trash product goes into the Internet history archives, where it should have been ages ago.
What a joke, click Check Now for updates in the Flash PrefPane, and it says 12.0.0.38 is latest...
FAIL.
Mine found it. I have my settings to not run Flash unless I approve it but I can't believe how many websites have it running and it's not apparent where it's running. I can see the typical notification on some sites but other on other ones it's not as apparent.
Unfortunately, I do have experience with Flash. I was a system architect for an interactive design agency. I've worked in Flash and Flex development and after having done so, believe that it is a woeful technology that does not transition well in the mobile world. In addition I saw a number of projects overrun on budget and time due to the promise of faster development cycles on a nascent technology that were never realized. While Flash/Flex provided a better framework for building sophisticated apps, I think it many cases it is overkill and can be done more simply HTML 5, especially with modern frameworks such as JQuery, etc.
In addition, Flash does not run on mobile devices because if it's drawbacks and is thus irrelevant in the increasingly post-PC world.
No one disputes the importance of Adobe Flash especially prior to 2008 but the importance of Adobe Flash is declining rapidly. Companies that can't adjust will also see their products and services decline in importance over the next five years.
Precisely. When I'm on my iPad or iPhone and come across a Flash-only site, I don't blame Apple. I blame the website company and they lose my business. They need to wake up and get off this antiquated technology.
Using 'Flash' and 'sophisticated web applications' in the same sentence seems odd. I don't see anything sophisticated about this software. Care to elaborate? Or is the answer right in front of me, but I simply can't see it as I don't have Flash installed on my Mac?
Is this really surprising, since Adobe's PDF source code was compromised and leaked onto the web... who knows how far it goes?
I wish the NY Times would lead by example and convert their videos to HTML5, and discard Flash.
They shouldn't wait until the day when they deliver a computer-controlling, hacked Flash video to their readers. You know that day is coming.
And anyone else serving Flash videos should be responsible as well.
And while we're on the subject of Adobe... their software rental-only policy!!!... (going red in the face).... (steam exiting ears)... They'll have to get my first $50 payment by pulling it out of my cold, dead hands!
Don't be ridiculous. It has a lot of useful and relevant applications...unfortunately those of you that are unaware of the world outside the Apple bubble have no idea and thus make comments like these.
Flash may suck, but it is still very important for a lot of sophisticated web applications and will continue to be for at least the next 5 years.
It is used in applications, but more and more each day I can surf without flash turned on. With the toll in battery life as well as the security risks it is safer off and turned on when needed.
Can we finally just ditch Flash from the Internet ecosystem already, please?
Once you update, redo, or delete the millions of flash applets, plug ins, games, videos, etc. that have been posted, then sure!
I wish the NY Times would lead by example and convert their videos to HTML5, and discard Flash.
They shouldn't wait until the day when they deliver a computer-controlling, hacked Flash video to their readers. You know that day is coming.
And anyone else serving Flash videos should be responsible as well.
And while we're on the subject of Adobe... their software rental-only policy!!!... (going red in the face).... (steam exiting ears)... They'll have to get my first $50 payment by pulling it out of my cold, dead hands!
Maybe you can beat them with your buggy whip!