Adobe addresses new 'actively exploited' critical vulnerability in Flash, users urged to update

Posted:
in Mac Software edited September 2015
Yet another severe flaw in Adobe's much-maligned Flash Player has been discovered and is being "actively exploited," the company said on Tuesday, and users with Flash installed are being urged to upgrade to the latest version as soon as possible.




The flaw --?assigned CVE ID 2015-3113 -- affects Flash Player version 18.0.0.161 and earlier as well as Flash Player Extended Support Release version 13.0.0.292 and earlier on both Windows and Mac. In a security advisory, Adobe said it is aware of "limited, targeted attacks" exploiting this flaw, though known attacks are limited to Windows systems for now.

According to the National Vulnerability Database, CVE-2015-3113 is a "heap-based buffer overflow" which "allows remote attackers to execute arbitrary code via unspecified vectors."

Mac users with Flash installed separately should update to version 18.0.0.194. Those who have Flash Player's automatic update capability enabled --?or those who use Chrome, which ships its own version of Flash --?should have already received the patch.

Users can check the version of Flash installed on their system by visiting Adobe's About Flash Player page or right-clicking on Flash content in their browser and choosing "About Adobe (or Macromedia) Flash Player" from the contextual menu. Instructions for enabling automatic updates or manually updating Flash can be found here.
«13

Comments

  • Reply 1 of 54
    MacProMacPro Posts: 19,405member
    sog35 wrote: »
    I freakin hate Flash.

    Every month there is a new explotable error.

    I only have it on my MBP, I keep it off Macs I work on, but it seems to require an update twice a week these days. It is pathetic that some major web sites still have no alternative to Flash for much of their content. The BBC, one of my favorite sites is a prime example of this Luddite attitude. I suspect that is the exact right phrase too!
  • Reply 2 of 54
    andreidandreid Posts: 96member
    Oh no!!!! How many times did we read titles like this?! Too many i'm afraid...and people still don't get it. Flash sucks and must die. http://occupyflash.org
  • Reply 3 of 54
    Quote:

    Originally Posted by AndreiD View Post



    How many times did we read titles like this?!

    Every time is a black eye for Adobe. At some point (soon) they should retire the product.

  • Reply 4 of 54
    Just die already, Flash. You prolong the inevitable, Adobe.
  • Reply 5 of 54
    Terrible software that has over the years been shoehorned into a virus laden monstrosity.

    Adobe needs to kill this lame technology, ASAP.
  • Reply 6 of 54

    It will never die, because too many people see it as an industry standard.  There is also an old guard of web designers that continue to use it...and websites that are fully functional and infrastructure built with Flash in mind.  It is just not cost efficient to change all the backend design of websites.  Flash is unfortunately here to stay for a long time.  

  • Reply 7 of 54
    lkrupplkrupp Posts: 9,558member
    Quote:
    Originally Posted by sog35 View Post

     

    I freakin hate Flash.

     

    Every month there is a new explotable error.




    I freakin’ hate OS X.

     

    Every month there is a new exploitable error, sometimes twice a month.

  • Reply 8 of 54
    rob53rob53 Posts: 2,682member

    I finally removed Flash from all my Macs a few months ago and so far haven't found a website where I really need it. I make use of Safari's Develop tab using the iPad User Agent. This gives me a non-Flash page that works 90% of the time. I just wish these websites would see I don't have Flash and automatically use HTML5. I know Flash is used for more than simple video but it's constant updating for security fixes makes it a product that should be removed from all computers because Adobe just can't secure it. I'm surprised a government agency or Congressman hasn't spoken out about this. Adobe must be paying Washington DC a bundle of money to leave it alone.

  • Reply 9 of 54
    rob53rob53 Posts: 2,682member
    Quote:

    Originally Posted by Steven New View Post

     

    It will never die, because too many people see it as an industry standard.  There is also an old guard of web designers that continue to use it...and websites that are fully functional and infrastructure built with Flash in mind.  It is just not cost efficient to change all the backend design of websites.  Flash is unfortunately here to stay for a long time.  


    This is the Navy's excuse for still using Windows XP and paying Microsoft a bundle of money to keep supporting it. What costs more to support old or non-secure software? The time it takes to retool or the time and cost it takes to continuously fix and patch software that isn't functioning properly or not supported by the manufacturer? Yes, a Model T still runs but you don't see more of them in a museum than on the road. Time to get with the 21st century.

  • Reply 10 of 54
    slurpyslurpy Posts: 5,322member
    Quote:

    Originally Posted by Steven New View Post

     

    It will never die, because too many people see it as an industry standard.  There is also an old guard of web designers that continue to use it...and websites that are fully functional and infrastructure built with Flash in mind.  It is just not cost efficient to change all the backend design of websites.  Flash is unfortunately here to stay for a long time.  


     

    No, it isn't a standard anymore, and yes, it will die. A fuckload of websites have moved away from Flash the last few years, at least the competent ones. Any website that still requires flash will never get my business of my support, and makes me look at the people behind it in an extremely negative light. Yes, of course it costs to move away, but with the current environment of hundreds of millions of phones and tablets that do not support flash, which are often the primary computing device for people, anyone who DOESN'T think that is a worthwhile investment deserve to lose all their business. 

  • Reply 12 of 54
    netroxnetrox Posts: 1,083member
    I am sick of being asked to update Flash which seems to be every week!
  • Reply 13 of 54

    You know what's worse than Flash? Adobe Air. A nasty, worthless abortion of a wannabe competitor to Java and C#, constantly asking for updates. At least few companies were dumb enough to use it, sadly Amazon selected it for its music apps.

  • Reply 14 of 54
    Solved my flash troubles a long time ago. Here is a step-by-step:

    1) uninstall Flash
    2) let go of poorly crafted websites that use it for critical content
    3) get used to a better and less cluttered web (this last step is a delight)

    It's been some time now that anyone can live without Flash. It's no big deal.
  • Reply 15 of 54
    Quote:

    Originally Posted by netrox View Post



    I am sick of being asked to update Flash which seems to be every week!



    I am not (well, not anymore). I removed it from my system. Yes, a few sites don't work without it. I found alternatives. Their loss, not mine.

  • Reply 16 of 54
    mstonemstone Posts: 11,510member
    Quote:
    Originally Posted by Slurpy View Post

     

     

    No, it isn't a standard anymore, and yes, it will die. A fuckload of websites have moved away from Flash the last few years, at least the competent ones. Any website that still requires flash will never get my business of my support, and makes me look at the people behind it in an extremely negative light. Yes, of course it costs to move away, but with the current environment of hundreds of millions of phones and tablets that do not support flash, which are often the primary computing device for people, anyone who DOESN'T think that is a worthwhile investment deserve to lose all their business. 




    Even Adobe does not use Flash on their web site except on their download Flash test page. In terms of mobile devices they have Mobile Device Packaging for Flash which converts it to either an app or HTML5. Works really well. Flash Pro is a great platform for creating HTML5 content.

  • Reply 17 of 54
    brakkenbrakken Posts: 687member
    HTML5.
  • Reply 18 of 54

    I don't have it on my MacBook. The only time I ever missed it was on the BBC news site. Today I had enough and deleted the BBC News bookmark and replaced it with another news site instead. 

     

    Bye bye BBC.

  • Reply 19 of 54
    mac_dogmac_dog Posts: 914member
    FUUUUUUUUCK! hate adobe for dragging their feet in killing this app already and other things.
  • Reply 20 of 54
    SpamSandwichSpamSandwich Posts: 33,408member
    Yeah... I think this is the last straw for Flash. Uninstall party!
Sign In or Register to comment.