Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Tech News > Adobe again updates Flash to fix new critical flaw

Adobe again updates Flash to fix new critical flaw
Thread Tools
NewsPoster
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Feb 5, 2015, 05:30 PM
 
Adobe has again had to update it's Flash software for OS X, Windows, and Linux in light of a critical security flaw that allowed remote attackers to take over and control un-updated Macs or PCs, just 10 days after the previous critical fix was issued. The software is now updated to version 16.0.0.305, up from version 16.0.0.297. The update fixes CVE-2015-0313, a zero-day flaw that can be triggered simply by visiting infected websites with Flash turned on.



The company has received numerous reports of the flaw being actively exploited on systems running Internet Explorer of Firefox, particularly those running Windows 8.1 or earlier. The flaw affects all previous versions of Flash, but version 16 updates are aimed only at fairly recent machines running OS X 10.6 or later, or Windows computers running 8.1. The exploit works by redirecting visitors from an infected page to an attacker-controlled site, where the exploit kit would use Flash's elevated rights to install itself through the zero-day exploit.

Systems that cannot update to OS versions that support Flash 16.x (or version 11.2.x for Linux users) are advised to completely disable Flash completely as soon as possible. The ongoing issues of critical flaws in Flash -- which has persisted for several years -- have lead many users (and some major websites, including YouTube) to disable it or block automatic usage of Flash.

Apple co-founder and former CEO Steve Jobs identified the security flaws in Flash as the major cause of crashes in OS X back in 2010 and wrote an essay on the topic when users complained about Apple's decision not to allow Flash to be used on its iOS products. Adobe eventually gave up on Flash for mobile devices itself, after conceding Jobs' point about its performance and battery life issues.

OS X disables Flash and Java automatically if they have not been used in at least 30 days, but using a blocker that allows Flash or Java use on a case-by-case basis, or disabling the two flaw-prone technologies completely if feasible, is the best course of action. Apple is likely to opt to silently disable all older versions of Flash on Safari browsers, essentially forcing an update for those users.

The update will be installed automatically on Mac and Windows systems that have a recent version and have opted to allow automatic updates. Otherwise, the latest version can be installed by visiting Adobe's Flash website and manually downloading the install package. The company says it is "working with our distribution partners" to update the built-in Flash included in Google's Chrome browser, and for Microsoft's Internet Explorer 10 and 11.

Users can determine what version they are currently running by visiting Adobe's Flash installer page, where they can also install the latest version. Chrome users should disable Flash until Chrome is updated to address the issue.
     
Ham Sandwich
Guest
Status:
Reply With Quote
Feb 5, 2015, 06:01 PM
 
Originally Posted by NewsPoster View Post
Systems that cannot update to OS versions that support Flash 16.x (or version 11.2.x for Linux users) are advised to completely disable Flash completely as soon as possible.
All in favor of doing away with Flash regardless of version, say "I DON'T FLASH"
     
jpellino
Forum Regular
Join Date: Oct 1999
Location: loc
Status: Offline
Reply With Quote
Feb 5, 2015, 09:12 PM
 
This is becoming a weekly goddamned occurrence. You're Adobe, for the love of God, stop acting like you're reading the security manuals as you roll out released software. It's amateur hour.
Just sayin'
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 03:21 PM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,