back to article Still using Adobe Flash? Oh well, get updating: 15 hijack flaws patched

People still using Adobe Flash should update the plugin after the Photoshop giant patched 15 remote-code execution holes in its screen-door software. If hackers aren't already exploiting all these holes in the wild, they soon will be. The remote-code exec bugs allow miscreants to hijack vulnerable Windows, OS X and Linux …

  1. Anonymous Coward
    Anonymous Coward

    For crying out loud just install Secunia PSI and it auto updates FLASH and many other software without intervention.

    http://secunia.com/vulnerability_scanning/personal

    1. Eddy Ito

      Unfortunately that doesn't get the software shufflers to learn from habitual epic failures. The only thing that really works is to remove the worst offenders so the shufflers are conditioned, albeit second order, to expect wallet depletion in a Pavlovian manner as it's quite clear that nothing else works.

    2. Roland6 Silver badge

      >For crying out loud just install Secunia PSI

      PSI has not been without it's own problems over the years, there were many problems with the 3.n release both in terms of UI and reliability - it often seems to hang when loading as it tries to connect to Seconia's servers, hence many still regard the 2.n release as superior.

      But it is one of the tools I install as standard (although I don't enable auto update), because it gives a clear indication of the overall security status of many of the packages typically installed.

      One of it's big plus's is that it discovers multiple and 'hidden' installs. So with respect to Flash (although the same could be said about Java) in the past it has notified me that whilst I've updated Flash (x86) I've not updated the 64-bit version. Likewise some application has included it's own personal version of Flash, which naturally won't get updated via the normal mechanisms.

      So yes if security of your system is important installing PSI is a no brainer.

      If being functionally uptodate is important then I would recommend tools such as FileHippo's Updater.

  2. Andy Non
    Devil

    Flash?

    Ah, I remember it now. Some obsolete security-hole ridden software that used to be on my computers.

    1. Anonymous Coward
      Anonymous Coward

      Re: Flash?

      "Some obsolete security-hole ridden software that used to be on my computers."

      You tried Linux too then?

  3. Anonymous Coward
    Anonymous Coward

    El Reg has made its stance clear: uninstall Flash.

    Even though there are still flash ads on this site?

    1. Anonymous Coward
      Anonymous Coward

      Are there?

      1. Destroy All Monsters Silver badge

        Rumor-mongering!

      2. big_D Silver badge

        No idea if there are flash ads on the site, I run NoScript and don't have Flash, so I only get image ads...

    2. John King 1

      I think there must be Flash ads on The Register. It was only after visiting the home page this morning that a Firefox security message popped up about Flash on the page being vulnerable.

      1. Anonymous Coward
        Anonymous Coward

        Interesting that they left your comments. The last time I commented that I had an AdBlocker installed El Reg gremlins rejected the comment. As a matter of fact, I'm curious to see if this one persists..

        As for Flash, I am currently testing just how well my usual Internet surfing tolerates its absence. So far, so good. The only pain I've had is someone trying to convince me to infect my machine with Microsoft Silverlight instead, which isn't going to happen either.

        1. big_D Silver badge

          @AC I don't have any ad blockers running, just NoScript, so I can select which domains to allow to run JavaScript.

          The ads aren't blocked, but they can't run animated ads, so only image ads are shown.

          1. wdmot

            > but they can't run animated ads

            Except animated GIFs. I've seen more of those as ads lately :-(

    3. Adam 1

      What's the El Reg stance on https?

  4. beast666

    Use Chrome... It's just been updated...

    No? Use IE or FF and get pOwned.

    1. nematoad Silver badge
      Unhappy

      "Use Chrome... It's just been updated...

      No? Use IE or FF and get pOwned."

      Yeah right, cut out the middle man and just let Google scoop up all your data. If that's not being "pOwned" then what is?

    2. Anonymous Coward
      Anonymous Coward

      "Use Chrome..."

      Which has had far more security holes than IE and Flash combined. And pipes your data straight to The Borg...

    3. h4rm0ny

      >>"Use Chrome... It's just been updated... No? Use IE or FF and get pOwned."

      Did you even bother to take five seconds to research this? IE already has the latest version of FLASH included in its automatic updates. I just checked my copy here and it has the latest version number released by Adobe. Firefox is a simple update as you get the plugin direct from Adobe.

      If anyone wants to quickly check whether they are up to date just go here:

      http://www.adobe.com/software/flash/about/

      It lists what version you have installed and what the latest version is on every platform.

  5. Mogzy

    Apple

    Google & Microsoft are to blame for this. If they had just followed apple's lead with ditching flash we wouldn't be in this position today. Flamin' douchebags

  6. . 3

    Still using Adobe Flash?

    ...asks the online news outfit still earning a crust from flash ads irritatingly inserted inline with the article text. May be wise to stop biting the hand that feeds?

    1. Robert Helpmann??
      Childcatcher

      Re: Still using Adobe Flash?

      May be wise to stop biting the hand that feeds?

      Uh... please see masthead.

    2. Anonymous Coward
      Holmes

      Ads?

      What are those?

      They sound horrible - glad I never see any.

      1. h4rm0ny

        Re: Ads?

        I'm fine with sites having ads on them (so long as they're not auto-playing video or horror of horrors include sound). In fact, I *want* El Reg to make a nice profit.

        All that I object to is tracking. So where possible I block that without blocking the ads. This does devalue the ads very slightly perhaps, but it's what I'm willing to offer.

  7. Peter X

    Adobe

    It's getting to the point where there's more bugs than bytes! I'm sure that if Adobe had software that compiled down to a single bit, there would still be six bugs in it.

    1. Anonymous Coward
      Anonymous Coward

      Re: Adobe

      No, no!

      "More bugs than bytes!" is the name of our new online gaming platform, due out soon.

  8. Anonymous Coward
    Anonymous Coward

    BBC News

    Is there any way to make video on the BBC News site work without Flash? It works on an iPad so it's clearly possible but I can't work out how to do it on a PC...

    1. nematoad Silver badge

      Re: BBC News

      I can't work out how to do it on a PC...

      No, neither can I. All I have been able to do is make Flash ask permission before it runs. I stick to using it only on the BBC and other sites I trust, but it still has me worried.

      I've now written to the BBC asking them to ditch Flash for all the good that will do but will not be holding my breath.

      Be afraid... etc.

      1. Evan Essence

        Re: BBC News

        @nematoad: There's an open post on the BBC's Internet blog here. You could ask them there, too.

  9. Bruce Ordway

    Flash & NoScript

    I can do without most Flash content but not all.

    So I keep Flash installed and use NoScript to occasionally, temporarily allow Flash content (and will apply the latest Flash update first).

    I've assumed Flash is then not executed by default & am protected from most issues but... maybe not?

    1. Destroy All Monsters Silver badge

      Re: Flash & NoScript

      I think it is safe to assume that.

      I have also noticed that Firefox updates, then tells you in no uncertain terms that it has disabled the previously-known-as-fixed version of Flash. Pretty slick.

      (Or take a look at Add-Ons > Plugins > Check that your Plugins are up to date)

      1. Anonymous Coward
        Unhappy

        Re: Flash & NoScript

        Presumptous bastards. The day there are no bugs in Flash (or anything else) I'll let them disable things because they want to.

  10. Anonymous Coward
    Anonymous Coward

    Flash

    Don't inhale.

  11. Neil Barnes Silver badge

    Linux should update to Adobe Flash Player 11.2.202.442.

    Hmmm. Mint threw a Flash update at me this morning (seems like it's been doing it every couple of days for a month) and now the Flash is 11.2.202.438... I guess I'm still one behind the curve.

    Let's see what happens later today.

  12. JamesTQuirk

    Updates are Good, but I Choose UNINSTALLING the crap, Use Synaptics Package manager in Xubuntu to Uninstall Flash from Restricted extra's Pack, it will remove Flash only, Not all extra's, I believe this works for all versions of a Debian/Unbuntu OS, but stiil use NoScript ....

  13. James 29

    Using the new responsive BBC news site, i've noticed in Firefox if you change your use agent (to iOS) for example. The 'you need flash' goes away and the videos just work.

    Why on earth do they not just let the videos play in HTML on all supported browsers? Flash should only be a option if HTML isn't supported

    1. JamesTQuirk

      Changing in Firefox can be Tricky, A addon, User Agent Switcher, will help, After Install U will Need a Agents File, http://techpatterns.com/forums/about304.html, Works 4 me, Tell Tools/USER agent to be a MAC, & reload page, Youtube&others are fine as osx/Firefox 35 agent (or ipad) & Video played, Having trouble getting BBC video ATM, trying different Browsers and Devices to be, trying to find a worker, but not in UK, so always issues with BBC ...

  14. phil dude
    Coat

    source code...

    ironically this may (I have no evidence of this) be an example of why FOSS is best.

    I read somewhere that the source code for FLASH was in the Adobe hack a few months ago, and someone floated the idea on Reddit that this could be the result - a load of 0-days that Adobe did not fix.

    My point would be as a FOSS advocate, that at least if EVERYONE has the source we can match up the bad guys?

    I'll get my coat...

    P.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022