Adobe updates Flash again due to critical security flaw
NewsPoster
MacNN Staff
Join Date: Jul 2012
Jan 25, 2015, 11:46 PM
 
Adobe has again had to issue an update to the browser plug-in version of Flash due to a critical flaw in the program that allows remote attackers to take over un-updated Macs or PCs, the latter running either Windows or Linux. The company urges users to update to the latest version, first issued on Friday, that patches the problem -- however, all previous versions should be considered at risk, and there are not yet any Chrome browser or standalone updaters available.



On a Mac, users can simply visit the Flash system preference panel and easily update to the latest version, now at v16.0.0.297. The process can even be automatic if users prefer, though all web browsers must be quit before the patch can be installed. Adobe is said to be working on a standalone version of the patch for multiple operating systems and system versions, and is working with Chrome to update the built-in version of Flash found in its Chrome browser for multiple platforms. Apple is likely to opt to silently disable all older versions of Flash on Safari browsers, essentially forcing an update for those users.

The Flash browser plug-in has had to be updated innumerable times for security and program fixes large and small, but not all versions of Windows or OS X are still supported. Those machines that cannot be updated to the most recent version of Flash either due to the machine's OS X version limitations or by user choice are advised to disable the Flash plug-in entirely and live without Flash support on websites, as the flaw -- CVE 2015-0311 -- is "being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below," said the company.

While only Windows attacks have been seen in the wild at present, Macs running 16.0.0.287 or lower are also vulnerable, as are Linux users running 11.2.202.438 or lower. Adobe has not yet revealed the exact nature of the flaw, but due to the elevated privileges Flash requires in order to work, the bug can allow attackers to obtain control over a remote computer without the user being aware or actively downloading anything, often referred to in the Windows world as a "drive-by download."

Users can determine what version they are currently running by visiting Adobe's Flash installer page, where they can also install the latest version. Chrome users should disable Flash until Chrome is updated to address the issue.
     
climacs
Senior User
Join Date: Sep 2001
Location: in front of my computer
Jan 26, 2015, 12:56 AM
 
this used to be funny, now it's just sad sad sad
     
Grendelmon
Senior User
Join Date: Dec 2007
Location: Too F'ing Cold, USA
Jan 26, 2015, 10:35 AM
 
So the department that manages Flash over there at Adobe... do these people just absolutely dread coming into work every day, or what? How could any company hold any amount of pride over a product that is so problematic, yet ubiquitous at the same time?

I find it sad that their update installer has to keep reminding me about how much Flash is still used today (e.g. "Most Facebook games use Flash!")...
     
robttwo
Fresh-Faced Recruit
Join Date: Nov 2005
Jan 26, 2015, 10:58 AM
 
It's called HTML5.

Please use it.
     
mseanb
Fresh-Faced Recruit
Join Date: Jan 2015
Jan 26, 2015, 11:51 AM
 
I second robttwo's comment. I've tried to stop using Flash but there are still too many sites that I need that still use it. It seems to me to be an abomination to the secure use of the web.
     
macmad
Mac Enthusiast
Join Date: Dec 2000
Location: Germany
Jan 26, 2015, 02:00 PM
 
I third robttwo's comment, there is really no need for flash. The sooner it dies the better.
     
southwick
Fresh-Faced Recruit
Join Date: Nov 2014
Jan 26, 2015, 02:36 PM
 
The Flash update page shows 16.0.0.287 as the most current. I'm at 16.0.0.296. What gives?
     
climacs
Senior User
Join Date: Sep 2001
Location: in front of my computer
Jan 26, 2015, 03:02 PM
 
same here, southwick, I guess you and I are OK. But notice how you are completely screwed if you are running an older OS for which the browser of your choice is no longer supported. You'll have to remove the Flash plugin to be safe. I have a couple installs of Snow Leopard, I need it because of Rosetta.
     
Charles Martin
Mac Elite
Join Date: Aug 2001
Location: Maitland, FL
Jan 26, 2015, 06:56 PM
 
As noted in the article, a standalone installer for .296 for Mac and Windows has yet to be released -- it is only obtainable through an existing software update panel. I imagine the standalone installer will be out shortly.
Charles Martin
MacNN Editor
     
TheGreatButcher
Senior User
Join Date: Jun 2000
Location: Sydney, Australia
Jan 26, 2015, 11:26 PM
 
I refuse to install Flash as well. In the event I have no alternative, I open the offending link in Chrome.

Flash is an abomination. More HTML5 please.
     
   