Adobe has issued an emergency update for its Flash

[Elixer]

Die Flash, die!

Today Adobe issued Security Bulletin APSB16-08, which is an Adobe Flash update that fixes 23 reported vulnerabilities.

https://helpx.adobe.com/security/products/flash-player/apsb16-08.html

Security updates available for Adobe Flash Player

Release date: March 10, 2016

Vulnerability identifier: APSB16-08

Priority: See table below

CVE number: CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010

Platform: Windows, Macintosh and Linux



Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Adobe is aware of a report that an exploit for CVE-2016-1010 is being used in limited, targeted attacks.

 

[PliotronX]

 

[Crusty]

I could only hope that one day they release an update that simply uninstalls flash.

Quick and painless death.

 

[MustISO]

I could only hope that one day they release an update that simply uninstalls flash.

Quick and painless death.

It's right here:
https://download.macromedia.com/get/flashplayer/current/support/uninstall_flash_player.exe

 

[Crusty]

It's right here:
https://download.macromedia.com/get/flashplayer/current/support/uninstall_flash_player.exe

*whoosh*

I know you can uninstall flash... I'm saying adobe should release an auto-update that uninstalls flash for everyone

 

[PliotronX]

*whoosh*

I know you can uninstall flash... I'm saying adobe should release an auto-update that uninstalls flash for everyone

New security feature in 21.0.0.202: remove all Adobe Flash runtimes from system!

 

[Red Squirrel]

Flash, Silverlight, Java plugin etc... all that stuff needs to die. Flash especially.

 

[TheRyuu]

Well even if you're not a fan of Chrome I would still recommend it for Flash content because of the sandboxing it provides. On Windows versions that support it you can extend the win32k lockdown mitigation to plugin processes as well (enable-win32k-lockdown-mimetypes launch option[1], also available in chrome://flags).

[1] http://peter.sh/experiments/chromium-command-line-switches/#enable-win32k-lockdown-mimetypes

 

[John Connor]

There needs to be a world wide consortium on mandating that all websites use HTML5 instead. A lot of the news sites I visit use their own fancy pants player. Some work great while others are horrendous. Just HTML5 that crap! All browsers support it now!

 

[Elixer]

This is why they need to start suing the ad companies, to put a stop to this BS.
There is no reason to have anything other than static content, or use HTML5.

 

[Mike64]

This is why they need to start suing the ad companies

Exactly what are they doing that is "unlawful"?

 

[John Connor]

http://www.engadget.com/2016/01/08/you-say-advertising-i-say-block-that-malware/

 

[sbpromania]

Flash is breathing its last breath, that's sure. Flash has served us very well many many years, but it's time to leave the scene now.

 

[KeithP]

Well even if you're not a fan of Chrome I would still recommend it for Flash content because of the sandboxing it provides.

Aren't there plugins for Firefox that let you open a URL/URLs in Chrome? That would be another way to go and might be more convenient than copying and pasting links between browsers and a separate Flash install can be kept out of your system.

The other advantage of this method is it will let sites know that you don't have Flash installed (when using FF) and may help with its speeding its demise.

-KeithP

 

[Mike64]

Flash is breathing its last breath, that's sure. Flash has served us very well many many years, but it's time to leave the scene now.

People have been saying that for years. I'll believe it when I see it...

 

[Elixer]

Exactly what are they doing that is "unlawful"?

They are serving up malware, and are not taking security seriously.
There are already tens if not hundreds of thousands that got hit by going to some popular site, and their ads infected the user.

They should be scrubbing the ads, but, clearly they are not.

 

[Mike64]

And people blame lawyers for our so-called litigation-happy society...

They should be scrubbing the ads, but, clearly they are not.

As a matter of "morality", perhaps, but at the risk of beating a dead horse - as a legal matter, "says who"? No one's forcing you to visit their websites in the first place. My own typical reaction to a site blocking AdBlocker is to simply move right along...

 

[Elixer]

And people blame lawyers for our so-called litigation-happy society...

As a matter of "morality", perhaps, but at the risk of beating a dead horse - as a legal matter, "says who"? No one's forcing you to visit their websites in the first place. My own typical reaction to a site blocking AdBlocker is to simply move right along...

Well, yes, I use adblocker (and...) as well, but the average person has no clue on this stuff.
If you walk into your local store (site) looking/shopping, and there is a service rep there(ad agency) in the store running around robbing people occasionally, you don't think visitors have any recourse except to go someplace else or pack some heat (adblock) and take matter into their own hands?

This isn't ambulance chasing here.

 

[Mike64]

Well, yes, I use adblocker (and...) as well, but the average person has no clue on this stuff.
If you walk into your local store (site) looking/shopping, and there is a service rep there(ad agency) in the store running around robbing people occasionally, you don't think visitors have any recourse except to go someplace else or pack some heat (adblock) and take matter into their own hands?

Whose ad agency? One working for the store? Or for one of the companies whose products the store sells? Or for a company that buys space on a billboard outside the store (or hypothetically, on the store's interior walls?)

If you're going to "sue" anyone, it seems to me Adobe would be the one to sue. It's their product that is fundamentally flawed (real-world experience has proven that countless times already) and indeed, is arguably not even fit for its intended/advertised purpose. Ignoring the state of the law as it currently exists (or if not - good luck with a lawsuit against either), that would certainly make the most sense since not only is it their product that causes the trouble, they're in a much better position to deal with the problem, since they already (allegedly) have the software expertise to address the problem, while retailers don't. Perhaps then Adobe would at the very least start proactively testing their product far more than they very obviously do...

 

[Elixer]

But, as you say, nobody is forcing the ad companies to use Flash, they willingly use a knowingly defective product.
If the ad companies have a deal with Adobe, that I have no idea, it is possible.

It is turning out to be a game of Russian roulette with ads, and this is a direct result of allowing non-static content.
On July 2016, google is not going to accept Flash display advertisements, so that is a start.

I'll close my remarks with how I started this thread.

Die flash, die!

 

[John Connor]

LMAO! http://forums.anandtech.com/showthread.php?p=38102734#post38102734