back to article Critical Flash vuln under active attack, Adobe warns

Adobe Systems on Monday warned of a critical vulnerability in the most recent version of its Flash Player that is being actively exploited in the wild. The vulnerability affects Flash Player 10.1.82.76 for Windows, Macintosh, Linux, Solaris, and Android operating systems, Adobe said in an advisory. “There are reports that this …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Black Helicopters

    Conspiracy!

    It's an evil plot by Steve Jobs to strengthen Gianduia's position over Flash!

  2. Anonymous Coward
    Grenade

    How many times to we have to be reminded...

    Flash is just an all around bad idea?

  3. BingBong

    I see no Flash

    What's this Flash stuff anyhoose?

    ---

    Sent from my iPad

    1. Anonymous Coward
      Grenade

      Then you see what Steve Jobs wants you to see

      Which for me is not much.

      Sent from any computer I like to own and control.

      1. Barry Lane 1
        Thumb Down

        @Then you see what, etc

        Oh, do get over yourself, please.

        Anyways, shouldn't you be back at school.

      2. Chris 3
        Grenade

        Sadly....

        .... if you're running Flash there aren't any guarantees that you *are* the owner and in control of the computer.

      3. Macka
        Jobs Halo

        All your comps are belong to us

        Ha, you mean sent from a computer someone else now owns and controls.

    2. Anonymous Coward
      Happy

      Re: I see no Flash

      "What's this Flash stuff anyhoose?"

      It comes hand in hand with choice. Your iPad is missing that too.

      Not sent from your iPad.

  4. Ed Vim

    Web-based email services

    >> since Flash is used by Gmail and other web-based email services

    That statement is misleading since such services can USE Flash but they most certainly don't NEED Flash to function. An example would be a Gmail user being able to view a Youtube video that's part of a message they received. But outside of something like that Flash is not a necessary part of any webmail service I'm aware of. I just don't want to see people being spooked about some kind of vague distinction that webmail services are more or less vulnerable as that isn't the case.

  5. Trevor_Pott Gold badge
    FAIL

    Time to refocus on security, Adobe.

    Microsoft refocused on security and we went from "ha ha" default security in Windows 2000 to "not impenetrable but arguably within reach of the competition" in Windows 7. It’s not just Flash; it’s Adobe Reader too.

    I second Dan's noscript call:

    http://www.theregister.co.uk/2010/08/11/sysadmin_noscript/

    And I raise a few more plugins besides:

    http://www.theregister.co.uk/2010/08/10/sysadmin_secure_browser/

    http://www.theregister.co.uk/2010/08/06/sysadmin_malware_magnet/

    Adobe, Pull your damned socks up.

  6. Anonymous Coward
    Megaphone

    Flash is great

    You dinosaurs would still rather be working on computers running unix or dos with a green screen VDU.

    Graphics are what most users want to experience on their PCs and flash enables that. Sure, it needs to be more securely coded, but to dismiss it outright shows some of you lot to be old farts

    1. Destroy All Monsters Silver badge
      Headmaster

      Hell yeah!

      You fracking "I want my colorful interface" know-nothing

      "Flash enables graphics on PCs"? Right.

    2. Anonymous Coward
      Grenade

      @AC: Flash is Great

      While I agree with your assertion that most users want to use a graphical interface; not only I do I flat out reject the rest of your argument, but am now convinced that you are an absolute idiot because you don't comprehend Adobe hasn’t gotten their security ‘shit’ squared away after years of "second chances".

      Just say no to flash!

  7. Steve Loughran

    Use FlashBlock

    This article gives the wrong mitigation measures -it says use NoScript and that gmail needs flash

    * gmail doesn't use flash, nor does Y! mail, though flickr likes it

    * if you install the FlashBlock plugin (Firefox and apparently Chrome) you can block flash everywhere, and selectively enable it where you trust the site.

    * Acroread is best handled by uninstalling, switching to a lighter weight viewer. Sometimes these are vulnerable too, but they tend to be targettted less often

    1. Carrierbag Head

      title goes here

      Yeah, the main reason I stick with Firefox is the the plugins, particularly, noscript and flashblock, both of which I use. Opera needs to consider opening it's system out to fully to allow powerful plugins if it wants to take on Firefox, and not just try the "we'll include the kitchen sink, features wise, so you don't need proper plugins" approach. Any time I've searched Opera plugins, all there seems to be is 101 calendar apps. Why do I want a bloody calendar in a web browser, FFS?

      Worth pointing out though, is that Flashblock isn't infallible, I've had a few "WTF?" moments when flash ads start running by somehow either deliberately or inadvertently bypassing flashblock's Flash detection. Don't know how they do it, but flashblock isn't perfect.

      I have worries about HTML5 and it's video streaming capabilities. I suspect it's going to open up a new security can of worms for malware peddlers to exploit. At least I can for the most control flash and flash video with flashblock and noscript.

    2. Anonymous Coward
      FAIL

      Do NOT use FlashBlock

      Relying on FlashBlock for your security is not a good idea:

      http://hackademix.net/2008/06/08/block-rick/

      http://hackademix.net/2010/09/14/yet-another-adobe-flash-unpatched-vulnerability-actively-exploited-in-the-wild/

  8. ph0b0s

    Yay noscript...

    People wonder why I still use slow Firefox instead of the much faster Chrome or Opera. This is a first class demonstration why. The browser makers always say that their browsers are completely secure so the plugins like noscript, cookie monster, better privacy and ad block are not needed.

    But in cases like this with these zero day vulnerabilities (that even affect firefox) I am happy to have these plugins that give an extra level of control and when other browsers have plugins that do the same thing I will be happy to move to them.

    From the previous posters comments it looks like Chrome is moving in the right direction. But when I looked up Flash Block it looks like you are forced to allow sites like youtube.

    1. Carrierbag Head

      why do I need a title for a reply? Sort it, Reg

      flashblock stops youtube if you want it to. Flashblock and noscript work fairly well together, too, so you can run both.

      1. ph0b0s

        none

        That maybe true, but the main point of my post was to say that I won't touch other probably better browsers until they offer these types of plugins to allow you to shield yourself from these zero day issues until patches are avaliable.

        Most browser zero day issues seem to come from javascript, flash etc. We must be allowed control over when these run rather than the browsers 'we are secure so we can allow everything on every website to run' attitued. This is fine until a vunerability they have not thought of appears.

        The rumour with Chrome was that Google will never allow anything that stops their browser from doing flash or javascripts as most of their ad revenue comes from them.

  9. Ed Vim

    Re: Flash is great

    >> You dinosaurs would still rather be working on computers running unix or dos with a green screen VDU.

    Personally I like both a terminal window and a dancing GUI making mindless sound effects. But both have their own appropriate situations, and I think almost all computer users young or 'dinosaur' feel the same way. The problem with Flash is Adobe has failed in an extreme way to allot proper development resources to optimize and secure it. To Adobe's credit, if you think back to when the Internet was just starting to gain so much general usage, Flash was originally aimed more at animated games and then it's usage for things like online video just grew almost organically. There really wasn't a lot of viable alternatives at the time, like HTML5, WebM, or Silverlight, etc. But getting back to the point, most techies don't hate Flash for what it is and making silly blanket accusations is pointless. I think a more accurate sentiment is the wish for an optimized, cross-platform stable, secure Flash that just works. A proprietary-free environment would be even better. Adobe's refusal to a) give Flash better development support, or b) Open Source it to allow better development support is disappointing. HTML5 is gaining lots of momentum and Flash could become more and more irrelevant.

This topic is closed for new posts.