Adobe addresses new 'actively exploited' critical vulnerability in Flash, users urged to update

2

Comments

  • Reply 21 of 54

    I had to install Flash as bank card security screens use it to verify you password when you use the card online

    I wish Visa would drop flash....

    Then I could remove it from my Mac

  • Reply 22 of 54
    elijahgelijahg Posts: 2,633member
    pjwilkin wrote: »
    I had to install Flash as bank card security screens use it to verify you password when you use the card online
    I wish Visa would drop flash....
    Then I could remove it from my Mac

    Bit of an oxymoron you've got there, Flash for card security screens? Hmm...
  • Reply 23 of 54
    noivadnoivad Posts: 186member
    I tried to update it, but it kept failing. I read all their official docs and did everything listed with no luck. As soon as I found out about this last night, I tried to update it. I eventually had to remove it after many attempts and restarts. (It was a very late night thank to Adobe thinking a forum is the place dispense info beyond their sub-standard/LCD support docs.) Good luck trying to make it work on any newer rev of OS X. There is a reason it is free and likes to spam you: because it sucks plain and simple.

    If capital punishment was doled out on how many of your user%u2019s man hours you%u2019ve wasted, then all of Adobe%u2019s executives would be dead by now. Adobe was once great software company before the DRM crackdown and %u201Crecreating the wheel%u201D but it%u2019s now an industry joke.
  • Reply 24 of 54
    ted13ted13 Posts: 65member
    Quote:

    Originally Posted by Steven New View Post

     

    It will never die, because too many people see it as an industry standard.  There is also an old guard of web designers that continue to use it...and websites that are fully functional and infrastructure built with Flash in mind.  It is just not cost efficient to change all the backend design of websites.  Flash is unfortunately here to stay for a long time.  


     

    Just like the DEC VAX will never die -- too many people and customers see it as an industry standard.  Wait...what? DEC *and* VAX are already dead -- utterly dead?  But what happened to never?

     

    The truth is that if Adobe got a little tinny bit of guts Flash could die not some time in the future, but literary *tomorrow*.  Why?  Because at this point the overwhelming majority of users are not on Flash capable PCs, but on smartphone and tables *that do not support Flash*.  Any web side that still depends on Flash has already lost the majority of their customers.

     

    Take a restaurant - a majority of related web users are using their smartphone on their way in the neighborhood.  They can't get through to restaurant A because their web site is Flash only? Guess what, they are going to restaurant B instead.  If anything Adobe killing it will help companies clueless enough to still be using it and hurting their own business.

     

    As for Adobe itself, their staff will be able to concentrate on other projects and strengthen them in the long term.

  • Reply 25 of 54
    theothergeofftheothergeoff Posts: 2,081member
    Quote:

    Originally Posted by Ted13 View Post

     

     

    Just like the DEC VAX will never die -- too many people and customers see it as an industry standard.  Wait...what? DEC *and* VAX are already dead -- utterly dead?  But what happened to never?

     


    VAX was never anything more than a corporal vessel of the living breathing VMS.

     

    Software can live for ever.

     

    Wasn't there a story yesteday that Apple System7 was booted up on an iWatch?

     

    Your analogy is like Motorola Microprocessors is dead... 680x0 is dead...  But... open up your Mac or your iPhone, and you'll find NeXTSTEP running the darn thing (NS Foundation Classes Framework)

     

    But you're right... just like Telnet, FTP, COBOL, and Base64 encoding... some things will never die.

  • Reply 26 of 54
    MarvinMarvin Posts: 14,803moderator
    sog35 wrote: »
    I freakin hate Flash.

    Every month there is a new explotable error.

    Safari has its share of vulnerabilities too, quite a few allowing arbitrary code execution:

    https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&query=safari&cve_id=

    When you narrow it down to highly critical ones though, Flash is worse:

    https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&query=safari&cvss_sev_base=HIGH&cve_id=

    Just 3 very high ones for Safari in the last 3 years but pages and pages of them for the Flash plugin:

    https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&query=flash&cvss_sev_base=HIGH&cve_id=

    Chrome integrates Flash so it auto-updates without asking. Normal plugins should be able to do that too. People complain about forced updates but it's only because the update process makes them wait like Firefox when it starts up. If it happened in the background then it wouldn't matter. Safari can check once per day every plugin's approved sites for updates in the background and install updates in the background (it could do that for webkit updates too). People would never know about the vulnerability or the update. The plugins and webkit files would be moved into place and when they are in place, the links to the new files would be updated instantly when no content was using them.

    Flash can be made into an external app by Adobe and the plugin deprecated. This way browsers remain HTML 5 and the separate app would be how rich content is rendered. This gives Adobe more control over caching files so that games and apps don't have to download everything each time they open. They'd show in browsers as a graphic or link that would open in the app. This would push inline content (videos, ads, page animations) to HTML 5 and Flash-specific content into Adobe's own app. I doubt Adobe would voluntarily deprecate their own plugin on the desktop but they make money from the authoring software anyway.

    There was a time when Flash had a 98% install base but with mobile browsing making up 1/3 of traffic and growing, authoring with Flash no longer means that people can target such a large audience so maintaining the plugin on the desktop is just annoying 1/3 of internet users who can't see Flash-exclusive content. They can even author an app for iOS and do some conversion in the cloud to have content work for mobile devices. If an app or embedded video is published to the web for example, a link can open it in the Adobe app on mobile and then they can do some conversion in the cloud to let the mobile user handle it. They own the entire distribution format so they can strip out the swf containers from embedded videos and allow a direct stream to their app, they can download swf assets for games and do a conversion in the cloud to Javascript etc and cache it for other users of the same link.

    They'd need to do this on every platform to gain traction but they must hate having to deal with every browser's own way of working and deploying updates for each. With an app, it can be a single app per platform and any browser or app can link to it when they need to and it can do whatever updates it wants to.
  • Reply 27 of 54
    uxqatomuxqatom Posts: 15member
    Yet another severe flaw in Adobe's much-maligned Flash Player has been discovered and is being "actively exploited," the company said on Tuesday, and users with Flash installed are being urged to upgrade to the latest version as soon as possible.

    I like how Adobe's "Allow automatic updates to Flash" option doesn't actually do that. Or, at best, does it on a very lazy sometime in the next 30-40 days "window". I guess they really need you to visit their website to see advertisements or to try to get you to install the google tool bar, McAfee whatever, or Chrome web browser with your update.

    Java isn't any better then flash (aside from being needed a lot less), but at lest the "Update now" button -- does exactly that.
  • Reply 28 of 54
    uxqatomuxqatom Posts: 15member
    lkrupp wrote: »
    I freakin’ hate OS X.

    Every month there is a new exploitable error, sometimes twice a month.

    Don't go near Microsoft Windows then. I hear that multiple patches are released for Windows every Tuesday. Or are they more frequent, now?
  • Reply 29 of 54
    freediverxfreediverx Posts: 1,419member
    What better excuse to uninstall Flash from your computer altogether.
  • Reply 30 of 54
    freediverxfreediverx Posts: 1,419member
    Quote:

    Originally Posted by Steven New View Post

     

    It will never die, because too many people see it as an industry standard.  There is also an old guard of web designers that continue to use it...and websites that are fully functional and infrastructure built with Flash in mind.  It is just not cost efficient to change all the backend design of websites.  Flash is unfortunately here to stay for a long time.  


     

    Some people said the same thing about IE6 and ActiveX. Flash will die, and the transition will be most costly for those who wait the longest to give up on this worthless technology.

  • Reply 31 of 54
    freediverxfreediverx Posts: 1,419member
    Quote:

    Originally Posted by lkrupp View Post

     

    I freakin’ hate OS X.

     

    Every month there is a new exploitable error, sometimes twice a month.


     

    Then what brings you to a website called Appleinsider, grandpa?

  • Reply 32 of 54
    cornchipcornchip Posts: 1,911member

    Is Adobe's page for Flash even built in Flash? I don't think it is.

  • Reply 33 of 54
    freediverxfreediverx Posts: 1,419member
    Quote:

    Originally Posted by rob53 View Post

     

    This is the Navy's excuse for still using Windows XP and paying Microsoft a bundle of money to keep supporting it. What costs more to support old or non-secure software? The time it takes to retool or the time and cost it takes to continuously fix and patch software that isn't functioning properly or not supported by the manufacturer? Yes, a Model T still runs but you don't see more of them in a museum than on the road. Time to get with the 21st century.


     

    Great example of the US military's long history of wasting trillions of dollars on ineffective technology. Isn't it great to know that the country's defense is compromised by crooked politicians and the defense contractors to whom they're beholden?

  • Reply 34 of 54
    freediverxfreediverx Posts: 1,419member
    Quote:

    Originally Posted by cornchip View Post

     

    Is Adobe's page for Flash even built in Flash? I don't think it is.




    Adobe has long since given up evangelizing this worthless technology, but some shitty industries seem in no hurry to abandon it. Automakers and the entertainment industry are two glaring examples.

  • Reply 35 of 54
    freediverxfreediverx Posts: 1,419member
    Quote:

    Originally Posted by netrox View Post



    I am sick of being asked to update Flash which seems to be every week!

     

    Solution:

     

    1. Uninstall Flash.

    2. Stop patronizing websites that require it.

  • Reply 36 of 54
    freediverxfreediverx Posts: 1,419member
    Quote:

    Originally Posted by PJWilkin View Post

     

    I had to install Flash as bank card security screens use it to verify you password when you use the card online

    I wish Visa would drop flash....

    Then I could remove it from my Mac


     

    What credit card is this? I removed Flash long ago and have no problems with Wells Fargo, Amex, Chase, or Barclay.

  • Reply 37 of 54
    freediverxfreediverx Posts: 1,419member
    Quote:

    Originally Posted by Marvin View Post





    Safari has its share of vulnerabilities too, quite a few allowing arbitrary code execution:



    https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&query=safari&cve_id=



    When you narrow it down to highly critical ones though, Flash is worse:



    https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&query=safari&cvss_sev_base=HIGH&cve_id=



    Just 3 very high ones for Safari in the last 3 years but pages and pages of them for the Flash plugin:



    https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&query=flash&cvss_sev_base=HIGH&cve_id=



    Chrome integrates Flash so it auto-updates without asking. Normal plugins should be able to do that too. People complain about forced updates but it's only because the update process makes them wait like Firefox when it starts up. If it happened in the background then it wouldn't matter. Safari can check once per day every plugin's approved sites for updates in the background and install updates in the background (it could do that for webkit updates too). People would never know about the vulnerability or the update. The plugins and webkit files would be moved into place and when they are in place, the links to the new files would be updated instantly when no content was using them.



    Flash can be made into an external app by Adobe and the plugin deprecated. This way browsers remain HTML 5 and the separate app would be how rich content is rendered. This gives Adobe more control over caching files so that games and apps don't have to download everything each time they open. They'd show in browsers as a graphic or link that would open in the app. This would push inline content (videos, ads, page animations) to HTML 5 and Flash-specific content into Adobe's own app. I doubt Adobe would voluntarily deprecate their own plugin on the desktop but they make money from the authoring software anyway.



    There was a time when Flash had a 98% install base but with mobile browsing making up 1/3 of traffic and growing, authoring with Flash no longer means that people can target such a large audience so maintaining the plugin on the desktop is just annoying 1/3 of internet users who can't see Flash-exclusive content. They can even author an app for iOS and do some conversion in the cloud to have content work for mobile devices. If an app or embedded video is published to the web for example, a link can open it in the Adobe app on mobile and then they can do some conversion in the cloud to let the mobile user handle it. They own the entire distribution format so they can strip out the swf containers from embedded videos and allow a direct stream to their app, they can download swf assets for games and do a conversion in the cloud to Javascript etc and cache it for other users of the same link.



    They'd need to do this on every platform to gain traction but they must hate having to deal with every browser's own way of working and deploying updates for each. With an app, it can be a single app per platform and any browser or app can link to it when they need to and it can do whatever updates it wants to.

     

    The solution is to remove Flash, not to use a web browser that has it built-in, from the company whose business model revolves around tracking all your online activity and selling ads.

  • Reply 38 of 54
    thepixeldocthepixeldoc Posts: 2,257member
    I know I shouldn't keep on bringing this up, but due to certain old differences of opinion that still lay dormant under my skin... let it never be forgotten that Flash was the baby darling project at Macromedia of a person... who later became CTO at Adobe and championed it's cause in a rather b*tchy-like tone against none other than Steve Jobs, who dared to speak out against this Redrum b*stard software... but appears to have turned over a new "complication", stardom, and success at no other address than One Infinite Loop: our very own head of the Apple Watch, Kevin Lynch.

    Small world indeed.
  • Reply 39 of 54
    lkrupplkrupp Posts: 10,013member
    Quote:

    Originally Posted by freediverx View Post

     

     

    Then what brings you to a website called Appleinsider, grandpa?




    You’re saying I’m wrong about OS X? Or maybe I forgot the sarcasm tag? ¡ /s

  • Reply 40 of 54
    Haven't had Flash installed on any of my Macs in almost eight years. Haven't missed it.

    Ironically, I LOVE Flash as a simple vector animation app or even just a sketching tool. (I learned it before Macromedia even bought it from FutureWave.) So I'm no hater. But I'd rather not be a worrier either. So I gave up on the plug-in long ago.
Sign In or Register to comment.