Stop us if you've heard this one: Adobe Flash gets emergency patch for zero-day exploit

Adobe has kicked out an out-of-band update for a security vulnerability in Flash – after learning the bug was being actively exploited in the wild by hackers to hijack PCs. The Photoshop giant said today its Flash Player 30.0.0.113 update should be a top installation priority for Mac, Windows, and Linux systems. One of the …

  1. intrigid

    The internet's screen door?

    More like the herpes of the internet.

    1. BillG
      Facepalm

      McAfee Antivirus

      I think it's funny that when you install Flash from the Adobe website, there's a checkbox to install McAfee Antivirus.

      As if Adobe's message is, "If you are going to install our Flash, you better have protection from viruses!!!"

      1. Captain Badmouth
        Big Brother

        Re: McAfee Antivirus

        " think it's funny that when you install Flash from the Adobe website, there's a checkbox to install McAfee Antivirus."

        Funny? It's hilarious. Not just one security hole but two!

        Someone, somewhere has your computer by the goolies.

    2. bombastic bob Silver badge
      Unhappy

      Re: The internet's screen door?

      what's a good word for someone who's SO irresponsible and careless, he is frequently getting cured of a sexually transmitted disease, yet is also frequently, carelessly, and irresponsibly engaging in behavior that easily contracts and spreads these diseases?

      THAT is what Adobe Flash is. I'm thinking "skank".

      1. Scott Marshall

        Re: The internet's screen door?

        Not a word per se, but an expression; "the village bike".

        Everyone's ridden it.

    3. luminous

      Re: The internet's screen door?

      "More like the herpes of the internet."

      50% of people have flash?

    4. Zippy's Sausage Factory
      Flame

      Re: The internet's screen door?

      And yet Windows 10 really doesn't want you to remove the Flash binaries. And if you do, updates stop working properly. Yet another example of Microsoft "making it easier".

      1. TheVogon Silver badge

        Re: The internet's screen door?

        "And yet Windows 10 really doesn't want you to remove the Flash binaries."

        The patch for this zero day is KB4287903 - you can download it now.

  2. Anonymous Coward
    Happy

    Boot a live Linux and rip it out of windows

    then go and find alternative viewers for all Adobe Products.

    It's much safer that way.

  3. Anonymous Coward
    Anonymous Coward

    Correction submitted

    Needless to say, users and administrators should test and install the updates uninstall Flash as quickly as possible. ®

    FTFY

  4. doublelayer Silver badge

    Adobe, you made a mistake

    "The Photoshop giant said today its Flash Player 30.0.0.113 update should be a top installation priority for Mac, Windows, and Linux systems."

    Adobe, I'm sorry I couldn't come into work today. Evidently the person you had making press statements hasn't read my playbook. The quote should have resulted in this excerpt from the article:

    "The Photoshop giant said today its Flash Player 30.0.0.113 update should be immediately installed over any older version, and then both it and all related versions should be permanently purged from the user's computer. This is a top priority for Mac, Windows, and Linux systems."

    I'll be back to work after the weekend. Please put this statement out, however, as it is quite urgent.

  5. wayne 8

    Office

    Office could disable Flash by default and require the user to enable each time.

    Or use LibreOffice?

    1. Anonymous Coward
      Anonymous Coward

      Re: Office

      "Or use LibreOffice?"

      Some of us need a version of Office that actually works. And Libre Office requires Java, which is just as insecure as Flash.

      1. alexlehm

        Re: Office

        LibreOffice does not require Java to be active in the browser, so the threat should be less than Flash.

  6. elvisimprsntr

    This article is irrelevant because everyone has already removed Flash at this point, right?

    1. Sven Coenye
      Unhappy

      Irrelevant because everyone has already removed Flash?

      Yes, years ago. But then Microsoft put it right back and took away the "Remove" button.

      1. Anonymous Coward
        Anonymous Coward

        Re: Irrelevant because everyone has already removed Flash?

        Just discovered that one on my laptop (which is considered insecure, always). Ripped Flash out some time ago. Just did a file search on the C:\ drive on a lark. I'm not even going to bother counting how many instances are in there and that's just the SxS files.

    2. bombastic bob Silver badge
      Facepalm

      everyone who reads El Reg, at least.

      icon because: Facepalm for the rest who actually STILL USE Flash

      /me does a face-wall, too, because face-palm just isn't enough

  7. JWLong

    Stop us if you've heard this one:

    Nope, haven't heard it in almost a decade. That's how long ago I dumped Adobe products.

  8. FordPrefect

    Seriously can't someone take flash out back and shoot it in the head and save us from flash misery!

    1. GnuTzu Silver badge

      Wait. Did you mean shoot it in the back of the head or in the forehead?

      1. JLV Silver badge

        >shoot it in the back of the head or in the forehead?

        both, from orbit, only way to be sure.

        "These attacks leverage Office documents with embedded malicious Flash content distributed via email."

        This combination is cringe-inducing in terms of both the insecurity of Office allowing Flash payloads and the existence of professionals who think embedding Flash in Word docs is somehow good communication.

        Come on, MS, it's 2018, time to think through how insecure highly active content payloads are in Office docs. An Office doc's payload should have really limited access outside of its own representation. Perhaps fetching data in from databases, certainly nothing affecting the OS. And since Flash is too much of a sieve to trust, disable it. Do it now, you're only what 2-3 years of Adobe's own announced retirement for the mangy mutt.

    2. Destroy All Monsters Silver badge

      Impossible as (allegedly) Microsoft has already received all the money and is now compelled to push Flash for another few years.

    3. bombastic bob Silver badge
      FAIL

      apparently, Flash is UNDEAD. You can tell by looking through the hole in its head, where someone shot it (several times).

  9. Destroy All Monsters Silver badge
    Paris Hilton

    Groundhog Day for the Zero Day

    This article should be illustrated with Advice Dog:

    "Install Adobe Flash!"

    Is there any academic paper out there analyzing whence the brokenness comes?

  10. Anonymous Coward
    Anonymous Coward

    Impressive

    Exploiting MS Office, ActiveX, and Flash all at once. Each has had plenty of vulnerabilities, but not many attacks make use of all three simultaneously.

    1. bombastic bob Silver badge
      Trollface

      Re: Impressive

      "Exploiting MS Office, ActiveX, and Flash all at once"

      What, no Exchange/Outlook too? It must "feel" left out. Heh.

      1. Anonymous Coward
        Anonymous Coward

        Re: Impressive

        Well, it is distributed by email, so they may well be involved too.

      2. Anonymous Coward
        Anonymous Coward

        Re: Impressive

        "What, no Exchange/Outlook too?"

        Exploits in those are very rare since they previewing blocked active content by default over a decade ago.

  11. Crisp

    A buffer overflow bug?

    I'm sure I read this exact same story back in 2003.

  12. RPF

    To El Reg:

    Really enjoyed the headline, thanks. Made I larf!

  13. Robert Helpmann?? Silver badge
    Facepalm

    Training Wheels Still On

    Where I work, employees are required to take a security class as part of orientation with an annual security refresher going forward. All run using Flash. 'Nuf said.

  14. Anonymous Coward
    Anonymous Coward

    Elephant in the room

    If your Riggs are that flaky that they can't withstand a buffer overflow bug you have other issues....

    John Doe Southern Yank with no MalwareSink/AV/Anti-Spam/Browser addons, yeah yer toast, but you've always been toast. at least I can charge OT this week end from home for running a few update scripts on 10K platforms...again....so...thanks?

  15. Bavaria Blu
    Windows

    Flash is here to stay, for 18 months at least

    We have lots of internal websites using Flash. Seems to still be a thing for some niche developers who can't be bothered to rewrite everything.

    If it ain't broke, why fix it seems to be the logic.
