back to article Patch Flash now: Google Project Zero, Intel and pals school Adobe on security 101

Hot on the heels of Microsoft's Patch Tuesday release, Adobe has published security fixes for its Flash Player browser plugin. The March 12 update for the internet's screen door addresses 11 CVE-listed vulnerabilities. Adobe is listing the patch as a top deployment priority for Windows, OS X and Linux systems. Among the flaws …

  1. Nate Amsden

    good thing

    adobe doesn't have to worry about paying cash bounties for security issues

  2. oldtaku Silver badge

    Better yet, just uninstall Flash entirely. I haven't missed it since almost everyone and dog supports html5 video now. It's not worth having a weeping security sore that no amount of bandaging can fix.

    1. Mark 85

      Exactly. If it doesn't bite you this week, it still can next week. I believe it's like a 20 year old automobile tire: no matter how many times it's patched, it's still going to leak.

    2. Anonymous Coward
      Anonymous Coward

      @oldtaku

      BBC videos embedded in their news articles still need Flash.

      1. fnusnu

        Re: @oldtaku

        So how do I manage to view them on my ipad?

        1. Anonymous Coward
          Anonymous Coward

          Re: @oldtaku

          "So how do I manage to view them on my ipad?"

          Because the mobile and desktop sites are different. On the desktop you're only ever offered the Flash option. Disable/uninstall it and you get a message telling you that it requires Flash to play their videos. Perhaps there's some browser hack, but I'm not aware of it.

    3. DJGM
      Stop

      @oldtaku

      Well, not quite, there are still a large percentage of video streaming websites that still require you to have the god awful Adobe Crash Player installed, while some use the somewhat more stable and considerably less buggy Silverlight from Microsoft. The only major video streaming website that has (recently) sidelined Adobe Crash in favour of HTML5 is YouTube.

      Uninstall Adobe Crash Player, and if you access plenty of websites that serve up multimedia content, they suddenly don't work 100% and prompt you to install (or re-install) Adobe Crash Player. While it is still an atrociously bad piece of insecure crapware, it's still a necessary evil.

      What really needs to happen is for Adobe to kill off Crash Player, thus forcing all websites that still support it, to switch to HTML5.

  3. Anonymous Coward
    Mushroom

    Ah... patch Flash you say? Hahaha.

    Removed from our enterprise as of one month ago.

    Many thanks Adobe for reminding me why I removed it, however.

    Also, for anyone who is curious... typically manage up to fifty users and to date I've only had two complaints with respect to the absence of Flash. Of which one website attempted to serve malware to my VM and the other is used for uploading files to one of our suppliers.

    The former I gave the finger, the later is being a little bit of an annoyance. Why someone decided for Flash to be an integral component of a website to upload files boggles the mind. Seeing how we are the customer in this case I requested for them to provide us with an alternative solution.

    So far so good then!

    1. theblackhand
      Pint

      Re: Ah... patch Flash you say? Hahaha.

      "Why someone decided for Flash to be an integral component of a website to upload files boggles the mind. Seeing how we are the customer in this case I requested for them to provide us with an alternative solution."

      Can I put money on the alternative requiring Java?

      Pessimistic? No, my glass is completely empty. Your round?

      Because it's Friday....

  4. Anonymous Coward
    Anonymous Coward

    More info needed!

    How about a link to the update's webpage, or the Flash version number at least? Because when I visit Firefox Check Plugins page it says my version (16.0.0.305) which was installed a few weeks ago is still up to date.

    1. Blip

      Re: More info needed!

      I use http://www.adobe.com/uk/software/flash/about/ to check if my version is up to date and there's a link to the Player Download Center (http://www.adobe.com/go/getflash)

  5. bitmap animal
    Unhappy

    Need to keep it for some users

    Sadly the O2 Business account management tool is Flash only, as is our HR package. That is about 1/4 of our PCs still need it. Quite a few customer web sites are also heavily driven by Flash and so we miss a lot of their content.

    I tried removing it a while ago but have to leave it for some and just watch for updates.

  6. TheVogon

    The latest is 17.0.0.134

    1. SoltanGris

      And when I checked my FIrefox install on Win 7 it claims that version 16.xx I had installed was

      'Up To Date".

      Useless information that is wrong, thanks Firefox.

      Yah, for those that need to know update, latest version is 17.0.0.134.

      I don't know why Firefox Plugin manager can't be bothered to stay up to date in some automated

      fashion. My Secunia PSI caught the fact that the Adobe Flash here was out of date.

      Don't forget to untick the malware extra bonus addon, Mcafee and grab the 'other versions'

      for IE and Chrome. What a effing mess.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like