I'm starting to think the contents of ping pong balls are more interesting than hearing about flash exploits
Kill Flash now. Or patch these 36 vulnerabilities. Your choice
Adobe has released an update for Flash that addresses three dozen CVE-listed vulnerabilities. The update includes a fix for the CVE-2016-4171 remote code execution vulnerability that is right now being exploited in the wild to install malware on victims' computers. Adobe is recommending that users running Flash for Windows, …
COMMENTS
-
-
Wednesday 13th July 2016 12:48 GMT Michael Strorm
A load of balls
I'm starting to think that even these celluloid ping pong balls (#) are less of a safety risk than running Adobe Flash.
(#) Offtopic, but since I mentioned it, if you *really* want to see how scarily flammable celluloid is, check out this video of some burning celluloid cinema film. The really interesting bit is at 4m37s, where the burning reel of film sounds like a jet engine taking off.
-
-
-
Thursday 16th June 2016 21:10 GMT Gray
Not just the BEEB
Popular video streaming sites, such as Hulu, insist on Flash. Big headache. They also insist on flash plugin auxiliary stuff that isn't available for Linux ... so Windows is the only way to access my Hulu subscription. Big pain.
WTF couldn't Adobe get it right? And HTF did Flash become so totally ubiquitous?
-
Friday 17th June 2016 00:15 GMT Crazy Operations Guy
"HTF did Flash become so totally ubiquitous"
Like every new technology on the internet: porn. It was the first platform on which video could be streamed piecemeal, and on a wide variety of platforms. It rose in popularity during the format wars of the 90's when watching a video online meant that you might need Real Player, Quicktime, or one of the dozens of other proprietary video codecs.
-
-
-
Friday 17th June 2016 08:39 GMT VinceH
Re: completely irrelevent but love that movie
Brilliant film. And a good few years since I last watched all three. I have since picked up a cheap copy of the undoubtedly crap remake of the first (or is it the second, which was as much a remake of the first as it was a sequel) - so watching all four might be on the cards soon.
Or I might hold off until I have my hands on the series.
-
-
-
-
-
Friday 17th June 2016 11:40 GMT Don Dumb
Re: Killed.
"possibility of Auntie charging to use iPlayer...Doubt the beeb will be in any hurry to do so though."
Sigh, again with this.
iPlayer does have an HTML5 feed, you don't need flash for iPlayer. It's the BBC News videos that are unwatchable without Flash.
That they don't extend HTML5 to news is utterly baffling, considering that they have actually done this for mobile apps.
-
Friday 17th June 2016 12:38 GMT Rob D.
Re: Killed.
Allegedly it is because the change will "require a great deal of technical development work to our current systems and there are technical challenges around the ability to secure video streams in HTML 5".
It would seem that these challenges have been around and acknowledged for a good five or six years though so perhaps the underlying problem is just a lack of sufficient focus on this area of BBC content delivery.
See http://www.bbc.co.uk/news/help-36551036 and http://www.bbc.co.uk/blogs/bbcinternet/2010/08/html5_open_standards_and_the_b.html respectively.
-
-
Friday 14th October 2016 13:28 GMT Anonymous Coward
Re: Killed.
Bear in mind that iPlayer must also support smart TVs, which almost all use embedded flash. As a result it would be difficult for the BBC to completely do away with flash support. However for the major browsers that support HTML 5, it does seem baffling that it defaults to flash when the alternative stream is available...
-
-
-
Friday 17th June 2016 04:19 GMT gobaskof
US Goernment also hooked on flash
I am currently working across the pond at a US Federal government institute. On one hand they talk the talk about how all the computers must be super secure, on the other hand all of their IT security training (and all other online training) is only accessible with Flash.
-
Friday 17th June 2016 05:05 GMT Wensleydale Cheese
Adobe *still* can't get the name of Apple's OS right
From the Adobe Security Advisory
"A critical vulnerability (CVE-2016-4171) exists in Adobe Flash Player 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS."
-
Friday 17th June 2016 05:49 GMT chivo243
Re: Adobe *still* can't get the name of Apple's OS right
Thank you +1 for you, the current os name would be OS X. Apple's next os will be macOS. And Safari 10 will not run any of the crud(java, flash, silverlight etc) unless explicitly enabled by the user.
Right, there was an piece here on El Reg:
http://www.theregister.co.uk/2016/06/15/safari_10_will_put_flash_java_silverlight_quicktime_in_the_bin/
-
-
-
-
Friday 17th June 2016 20:20 GMT raving angry loony
Re: ¡Ay, caramba!
If the one and only way to control your expensive piece of trash REQUIRES Flash...
... it's time to take that expensive piece of track and wrap it around the head of the head the company making it. And perhaps the person who approved its purchase. With mechanical assistance of a crowbar and fireaxe, if necessary. There's exactly no excuse of any kind for requiring the use of Flash to administer expensive kit.
-
Saturday 18th June 2016 05:27 GMT Charles 9
Re: ¡Ay, caramba!
There IS one excuse, a very CRITICAL one: amortization. The highly expensive piece of kit has already been bought. The costs are sunk and can never be retrieved. They're a big strain on the business, trying to obtain another so soon will literally kill it. So basically, you MUST live with it. And leaving the company may not be an option as (a) no one else is hiring or (b) they're in the same boat, saddled with expensive kit they MUST use.
Put it this way. If you're out in the middle of the shark-filled ocean and the only possession to your name apart from your clothes is a leaky raft...well, all you can do is start bailing.
-
-
Saturday 18th June 2016 06:12 GMT JLV
Re: ¡Ay, caramba!
interestingly, I have a similar issue on my printer, a Brother with wifi capability. Configuring the wifi access password requires you to plug in a USB cable and then run their config utility which is ... Java based. Once the wifi login info is entered, you can delete the whole thing.
I avoid Java whenever possible and Java on Mac does not uninstall at all. And it actually also chokes on just turning off the Java applet capability, insisting that you need to be an admin to do it on other users' accounts. Never mind that I am the admin, using sudo. Instead of installing Java, I was thinking of launching the java configuration from a Ubuntu vm but there is no Brother config app for Linux.
However, I saw a Linux-oriented posting where someone saw that the printer actually runs an http server and you can you just enter the wifi info using a browser (if you are connected by wired at the time), bypassing the need for their config app. It's complicated, but it works. Need to try it on my printer.
Lesson learned? - sometimes what the config client talks to is still http/html-based, under the covers.
-
-
-
-
Saturday 18th June 2016 17:36 GMT Tom -1
Re: Why?
"Just how is it that Flash is so relentlessly shit and never seems to improve any?"
Maybe Adobe is incompetent at producing any reasonably secure software? I've heard it said that over the years almost every alternative to Acrobat has been more secure than the Adobe product, and I decided years ago to avoid all use of Acrobat and stick to Foxit for viewing and printing PDF. If I could avoid all use of Flash I would.
In fact I would like to be completely Adobe free.
-
-
Wednesday 16th November 2016 10:38 GMT Steve 114
Tedious
So I decided to update. On their site I needed first to enable Flash, and Java. Then negotiate a download, then untick a preticked 'optional' random payload (just WHY?), then restart the browser. Not too hard, but I'll never get my many cousins each to do it to theirs without Teamviewer one by one. What a pain
-
Wednesday 23rd November 2016 06:30 GMT Maty
Why is Flash so relentlessly crap ...?
Every time you have to update the latest security failure in Flash you have to look around for, find and uncheck that optional extra program that Flash has bundled with the update.
Assuming the makers of that extra program pay Flash for bundling the software along with the update, it would seem that for Flash producing software with security holes must be quite the money-spinner.
If people don't need the patches, they don't download the extra software. Call me cynical, but if making a more secure product will cost the makers lots of money, expect an insecure future.