It is usually the new advanced features in Flash that get exploited because the standard features have mostly been patched. HTML 5 is great but I don't think it has Pixel Bending on video which is what was exploited in this case. When HTML 6,7,8,9 whatever has all the same capabilities as Flash and an equivalent rapid application development environment, perhaps people will stop using Flash.
EDIT: Actually I have now discovered that Pixel Bender is not a new feature as I suspected, only because I never heard of it before. As it turns out it is obsolete and will not work with the latest versions of Adobe products. I think it only works up to Flash Player version 10 so most people have long since upgraded to a newer version.
?Other details are that there are actually two different versions of the attack but the one that could affect Macs is the much older exploit referenced above. The second similar technique requires Cisco Meeting plugin and ActiveX on Windows, as well as the older version of Flash player, and so far only while using Firefox. All the attacks are considered extremely sophisticated and originate in Syria. More information here:
Has there been a single week without a critical flash flaw? It seems like I get a warning every couple days on my PC. Why the **** isn't this technology dead yet? It's been long enough. Any website that still relies on flash for video, etc does not even deserve to exist, when most are accessing the web through mobile now. Half the sites I visit still say "missing plugin" for video on mobile devices. Disgusting.
You have absolutely no idea what you're talking about. But keep it up, I'm sure you'll get plenty of up votes from iPhone owners.
You are blissfully unaware of the multitude of Flash Web Applications that are still in use in the corporate sector...and are not going anywhere anytime soon.
It annoys people with Flash more because it's a non-essential add-on but it's not the case that Adobe's developers are worse just because the vulnerabilities are publicized more.
I went for a year w/o flash installed on my computer a few years ago and really didn't have any problems w/o it. I installed it again several months ago, as I was lazy and wanted to see a video that required it and figured by now Adobe made the product more streamlined and better performing on OSX. After this article came out, I decided I'd update the flash player installed... turns out, there's not really an efficient way to do this w/o going to the website, so... problem solved, I found the "uninstall" option in my utility folder. Thanks adobe for making the uninstall much easier than an update. I think I'll try another year or two w/o flash or maybe indefinitely. Didn't Adobe lose their talent behind flash to Apple anyway?
You are blissfully unaware of the multitude of Flash Web Applications that are still in use in the corporate sector...and are not going anywhere anytime soon.
You're seriously arguing that Flash is the new COBOL?
pretty easy when you're just an average consumer browsing the web. no need for either
Yep! I don't need to watch porn ... so average I am!
My point is if above average consumers stop accessing sites which are built on top of Flash / JAVA, then they'll try to come up with non Flash / JAVA solutions.
Like so much about Adobe these days... another reason to look for a light on the horizon to signal an alternative route, away from Adobe.
HTML5 in this case.
And don't get me started on the rental-only Adobe CC, which I think is an insult to previous users of their software products.
The new features are getting fewer and fewer, so Adobe knows you may not buy their very-expensive software again soon. They've decided to charge you monthly for the privilege making your digital designs, whatever they are. Then their bottom line won't suffer when their technical progress is slow.
I kinda wish Apple would buy Adobe, since many of their users always have been Mac users, and make their software free when you buy a Mac.
Then someone else would not have to make another Creative Suite from scratch for us to buy, not rent.
If apple took over Adobe we would see current works better,(a few deleted), and flash working better than html5.
Comments
I've updated by removing Flash.
HTML5 in this case.
It is usually the new advanced features in Flash that get exploited because the standard features have mostly been patched. HTML 5 is great but I don't think it has Pixel Bending on video which is what was exploited in this case. When HTML 6,7,8,9 whatever has all the same capabilities as Flash and an equivalent rapid application development environment, perhaps people will stop using Flash.
EDIT: Actually I have now discovered that Pixel Bender is not a new feature as I suspected, only because I never heard of it before. As it turns out it is obsolete and will not work with the latest versions of Adobe products. I think it only works up to Flash Player version 10 so most people have long since upgraded to a newer version.
?Other details are that there are actually two different versions of the attack but the one that could affect Macs is the much older exploit referenced above. The second similar technique requires Cisco Meeting plugin and ActiveX on Windows, as well as the older version of Flash player, and so far only while using Firefox. All the attacks are considered extremely sophisticated and originate in Syria. More information here:
http://www.securelist.com/en/blog/8212/New_Flash_Player_0_day_CVE_2014_0515_used_in_watering_hole_attacks
Who uses Flash anyway?
All the ads on AI for one.
I have the Flash preference panel set to automatically install updates. I just checked and my Flash plugin is already at 13.0.0.206 so...
Has there been a single week without a critical flash flaw? It seems like I get a warning every couple days on my PC.
I get security notices, patches and updates from Apple on a regular basis too.
Has there been a single week without a critical flash flaw? It seems like I get a warning every couple days on my PC. Why the **** isn't this technology dead yet? It's been long enough. Any website that still relies on flash for video, etc does not even deserve to exist, when most are accessing the web through mobile now. Half the sites I visit still say "missing plugin" for video on mobile devices. Disgusting.
You have absolutely no idea what you're talking about. But keep it up, I'm sure you'll get plenty of up votes from iPhone owners.
You are blissfully unaware of the multitude of Flash Web Applications that are still in use in the corporate sector...and are not going anywhere anytime soon.
5+ years and counting .... living my digital life without these 2 piece of craps:
1. Adobe Flash (and other garbage they sell!)
2. F****ng JAVA!
They don't die though because of Ads ... Ads ... god damn google and more Ads!
pretty easy when you're just an average consumer browsing the web. no need for either
All the ads on AI for one.
It's a great ad-block!
No Flash? No ads.
I'm interested in how that is possible to...
Only if they use SSL for all the connections.
Another thread of the same Adobe hate comments. I expect everyone has deleted Firefox too because of all the critical security flaws:
https://www.mozilla.org/security/known-vulnerabilities/firefox.html
https://www.mozilla.org/security/announce/2014/mfsa2014-29.html
"these two bugs allow an attacker to load a JavaScript URL that is executed with the full privileges of the browser, which allows arbitrary code execution."
https://www.mozilla.org/security/announce/2014/mfsa2014-31.html
"This leads to out-of-bounds reads and writes into the JavaScript heap, allowing for arbitrary code execution."
http://www.infosecurity-magazine.com/view/36635/mozilla-patches-thunderbird-remote-exploit-vulnerability/
"The vulnerability allows the attacker to execute malicious script code in the victim’s browser, resulting in script code injection, persistent phishing, client-side redirects and similar client-side attacks."
http://www.computerworld.com/s/article/9247381/Apple_patches_Safari_s_Pwn2Own_vulnerability_two_dozen_other_critical_bugs
^ 27 vulnerabilities in Safari, 26 critical allowing arbitrary code execution. 33 OS vulnerabilities, not being fixed in Snow Leopard.
6 vulnerabilities in Chrome:
https://msisac.cisecurity.org/advisories/2014/2014-018.cfm
"Multiple Vulnerabilities in Google Chrome Could Allow Remote Code Execution"
Guess we're back to using good old trusty Internet Explorer. Hold on:
http://www.pcworld.com/article/2148368/new-internet-explorer-zero-day-puts-web-at-risk-and-xp-isnt-getting-a-fix.html
"This new remote code execution vulnerability, dubbed CVE-2014-1776, has the potential to give hackers the same user rights as the current user."
It annoys people with Flash more because it's a non-essential add-on but it's not the case that Adobe's developers are worse just because the vulnerabilities are publicized more.
Flash needs to die.
And it will after the last porn site switches to HTML5.
Why is this crap even possible anymore? What happened to sandboxing?
You are blissfully unaware of the multitude of Flash Web Applications that are still in use in the corporate sector...and are not going anywhere anytime soon.
You're seriously arguing that Flash is the new COBOL?
pretty easy when you're just an average consumer browsing the web. no need for either
Yep! I don't need to watch porn ... so average I am!
My point is if above average consumers stop accessing sites which are built on top of Flash / JAVA, then they'll try to come up with non Flash / JAVA solutions.
Or at least, voice your concerns ....
Ignoring iTunes, so the day Flash ceases is the day Office likely becomes the worlds most hated software.