Flash Player 16.0.0.235 Released

Toggle sidebar Toggle sidebar
PliotronX

PliotronX

Diamond Member
Oct 17, 1999
8,883
107
106
Didn't quite make the version 17 for the end of 2014 like I projected but we are on track for version 20 around fall 2015.
 
Elixer

Elixer

Lifer
May 7, 2002
10,371
762
126
You would think that people would stop using flash for everything, it has so many holes, it isn't funny.
HTML5 would be better. sigh.
 
Berryracer

Berryracer

Platinum Member
Oct 4, 2006
2,779
1
81
Elixer said:
You would think that people would stop using flash for everything, it has so many holes, it isn't funny.
HTML5 would be better. sigh.
Click to expand...
It was recently updated as they discovered a serious vulnerability within hours of releasing the prior version. By now, I would've thought Adobe would've gotten this thing to be right. It's worse than JAVA, unfortunately, I need it as many sites I visit require Flash :(
 
B

BUTCH1

Lifer
Jul 15, 2000
20,433
1,769
126
I have never seen anything update itself so often as Flash but it doesn't matter, it will not play nice with the Catalyst drivers for my 4850 and when it goes bad it goes all the way bad ala Windows '98, BSOD followed by full re-boot. How in the hell in 2015 is any software as heavily used as Flash that these kind of things can still happen.
 
T

TheRyuu

Diamond Member
Dec 3, 2005
5,479
14
81
I was going to post this as well but someone beat me to it, from the thread in the security forum:
seepy83 said:
Just FYI - there was a new patch for one of the recent Flash vulnerabilities (CVE-2015-0310) released yesterday (http://helpx.adobe.com/security/products/flash-player/apsb15-02.html).

However, there is still another unpatched vulnerability (CVE-2015-0311) that is expected to be released sometime next week (http://helpx.adobe.com/security/products/flash-player/apsa15-01.html)

isc.sans.edu has raised the Infocon Threat Level to Yellow as a result of this unpatched Flash vulnerability.
Click to expand...

Also of note, I'm not entirely sure if Chrome is also vulnerable but apparently it wasn't being targeted from what I understand so a fully updated Chrome is probably ok[1]. I'm not sure if this is for one or both of the reported vulnerabilities.

EMET 5.1 also appears to block (stack pivot) an (one/both?) exploit in IE11 32-bit[1].

BUTCH1 said:
I have never seen anything update itself so often as Flash but it doesn't matter, it will not play nice with the Catalyst drivers for my 4850 and when it goes bad it goes all the way bad ala Windows '98, BSOD followed by full re-boot. How in the hell in 2015 is any software as heavily used as Flash that these kind of things can still happen.
Click to expand...

Unless there's some exploit actively being targeting, Flash's update cycle is mirroring Window's now since that's when the update for the built in one gets released. I don't see how it's a big deal, you can easily have it update on its own in the background or just use Chrome if it's that big of a deal to you.

berryracer said:
It was recently updated as they discovered a serious vulnerability within hours of releasing the prior version. By now, I would've thought Adobe would've gotten this thing to be right. It's worse than JAVA, unfortunately, I need it as many sites I visit require Flash :(
Click to expand...

It's just the exposure, since java isn't as commonplace anymore.

[1] http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html
 
Last edited:
M

Morbus

Senior member
Apr 10, 2009
998
0
0
BUTCH1 said:
I have never seen anything update itself so often as Flash but it doesn't matter, it will not play nice with the Catalyst drivers for my 4850 and when it goes bad it goes all the way bad ala Windows '98, BSOD followed by full re-boot. How in the hell in 2015 is any software as heavily used as Flash that these kind of things can still happen.
Click to expand...
Because a 4850 is a seriously old GPU, so much in fact that I don't think even AMD support it anymore.
 
S

schmuckley

Platinum Member
Aug 18, 2011
2,335
1
0
so..what does this break?
/allow an exploit of?

^ 11.8 is good for that series ;)
or 12.6 legacy i think
 
Elixer

Elixer

Lifer
May 7, 2002
10,371
762
126
pyonir said:
Where? Still says 287 for me, here - http://get.adobe.com/flashplayer/

edit: and here https://www.adobe.com/products/flashplayer/distribution3.html
Click to expand...

They do not offer the manual download at this time...
http://blogs.adobe.com/psirt/
UPDATE (January 24): users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.296 beginning on January 24. This version includes a fix for CVE-2015-0311. Adobe expects to have an update available for manual download during the week of January 26, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11. For more information on updating Flash Player, please refer to this post. We will continue to provide updates on this issue via the Adobe PSIRT blog.
Click to expand...
 
Last edited:
T

TheRyuu

Diamond Member
Dec 3, 2005
5,479
14
81
Just a reminder, in light of the flash shenanigans and in regards to "click to play" in Chrome.

Click to play is not a security barrier and the correct setting for this is the block by default and to use the right click menu (or the icon in the omnibar) to enable flash on a site (run all plugins this time).

I believe this is because they cannot guarantee that the click comes from the user.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom