Author Topic: Beware Flash Player  (Read 3584 times)

0 Members and 1 Guest are viewing this topic.

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Beware Flash Player
« on: Monday, 13 July, 2015 @ 15:46:10 »
Quote
Yet more Adobe Flash zero-day bugs discovered, exploited in the wild

The hack of spyware company Hacking Team has unleashed yet more critical zero-day Adobe Flash vulnerabilities for which no official patches yet exist.

If successfully exploited, the two vulnerabilities could allow criminal hackers to hijack innocent people's computers in order to steal information, plant further malware or launch attacks.

In an advisory published this weekend, Adobe said it hoped to roll out an emergency security update (yes! another one!) in the coming days.
https://grahamcluley.com/2015/07/adobe-flash-zero-day-bugs/


Might be that you don't need Adobe Flash Player: Uninstall Flash Player

Or set it to Click-to-Run

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Re: Beware Flash Player
« Reply #1 on: Tuesday, 14 July, 2015 @ 17:01:47 »
Quote
There's some drama going down in the Flash camp. Yesterday, because of two unpatched Hacking Team zero-day vulnerabilities, Mozilla blacklisted Adobe Flash Player 18.0.0.203, meaning Flash was disabled by default in Firefox. This morning, just a few moments ago, Adobe rushed out version 18.0.0.209, plugging the two vulnerabilities.

Meanwhile, over at Facebook, the company's new chief security officer called for Adobe to "announce an end-of-life date for Flash," so that we can finally "disentangle the dependencies and upgrade the whole ecosystem."

And if two Web giants weren't enough, Google recently announced that the next stable version of Chrome would "intelligently" block auto-playing Flash elements.

Adobe has been scrambling to fix a number of Flash vulnerabilities since they were first exposed by the massive leak of Hacking Team internal documents last week. One of the zero-days was patched quite quickly, but two further zero-days that were publicised on July 10 went unfixed for three days. With hundreds of millions of Firefox users vulnerable, Mozilla boldly decided to blacklist the current version of Flash.

If you're a Firefox user and Flash is still blocked, you'll need to manually update to 18.0.0.209 or newer from the Adobe website. Make sure you deselect the McAfee checkbox.
http://arstechnica.co.uk/security/2015/07/firefox-blacklists-flash-player-due-to-unpatched-0-day-vulnerabilities/