|
|
Adobe updates Flash again due to critical security flaw
|
|
|
|
MacNN Staff
Join Date: Jul 2012
Status:
Offline
|
|
Adobe has again had to issue an update to the browser plug-in version of Flash due a critical flaw in the program that allows remote attackers to take over un-updated Macs or PCs, the latter running either Windows or Linux. The company urges users to update to the latest version, first issued on Friday, that patches the problem -- however, all previous versions should be considered at risk, and there are not yet any Chrome browser or standalone updaters available.
On a Mac, users can simply visit the Flash system preference panel and easily update to the latest version, now at v16.0.0.297. The process can even be automatic if users prefer, though all web browsers must be quit before the patch can be installed. Adobe is said to be working on a standalone version of the patch for multiple operating systems and system versions, and is working with Chrome to update the built-in version of Flash found in its Chrome browser for multiple platforms. Apple is likely to opt to silently disable all older versions of Flash on Safari browsers, essentially forcing an update for those users.
The Flash browser plug-in has had to be updated innumerable times for security and program fixes large and small, but not all versions of Windows or OS X are still supported. Those machines that cannot be updated to the most recent version of Flash either due to the machine's OS X version limitations or by user choice are advised to disable the Flash plug-in entirely and live without Flash support on websites, as the flaw -- CVE 2015-0311 -- is "being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below," said the company.
While only Windows attacks have been seen in the wild at present, Macs running 16.0.0.287 or lower are also vulnerable, as are Linux users running 11.2.202.438 or lower. Adobe has not yet revealed the exact nature of the flaw, but due to the elevated privileges Flash requires in order to work, the bug can allow attackers to obtain control over a remote computer without the user being aware or actively downloading anything, often referred to in the Windows world as a "drive-by download."
Users can determine what version they are currently running by visiting Adobe's Flash installer page, where they can also install the latest version. Chrome users should disable Flash until Chrome is updated to address the issue.
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Sep 2001
Location: in front of my computer
Status:
Offline
|
|
this used to be funny, now it's just sad sad sad
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Dec 2007
Location: Too F'ing Cold, USA
Status:
Offline
|
|
So the department that manages Flash over there at Adobe... do these people just absolutely dread coming into work every day, or what? How could any company hold any amount of pride over a product that is so problematic, yet ubiquitous at the same time?
I find it sad that their update installer has to keep reminding me about how much Flash is still used today (e.g. "Most Facebook games use Flash!")...
|
|
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Nov 2005
Status:
Offline
|
|
It's called HTML5.
Please use it.
|
|
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Jan 2015
Status:
Offline
|
|
i second robttwo's comment. I've tried to stop using Flash but there are still too many sites that I need that still use it. It seems to me to be an abomination to the secure use of the web.
|
|
|
|
|
|
|
|
|
Mac Enthusiast
Join Date: Dec 2000
Location: Germany
Status:
Offline
|
|
I third robttwo's comment, there is really no need for flash. The sooner it dies the better.
|
|
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Nov 2014
Status:
Offline
|
|
The Flash update page shows 16.0.0.287 as the most current. I'm at 16.0.0.296. What gives?
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Sep 2001
Location: in front of my computer
Status:
Offline
|
|
same here, southwick, I guess you and I are OK. But notice how you are completely screwed if you are running an older OS for which the browser of your choice is no longer supported. You'll have to remove the Flash plugin to be safe. I have a couple installs of Snow Leopard, I need it because of Rosetta.
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Aug 2001
Location: Maitland, FL
Status:
Offline
|
|
As noted in the article, a standalone installer for .296 for Mac and Windows has yet to be released -- it is only obtainable through an existing software update panel. I imagine the standalone installer will be out shortly.
|
Charles Martin
MacNN Editor
|
|
|
|
|
|
|
|
Senior User
Join Date: Jun 2000
Location: Sydney, Australia
Status:
Offline
|
|
I refuse to install Flash as well. In the event I have no alternative, I open the offending link in Chrome.
Flash is an abomination. More HTML5 please.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|