Adobe confirms major Flash vulnerability(bgr.com)
bgr.com
Adobe confirms major Flash vulnerability
http://bgr.com/2015/10/15/adobe-flash-player-security-vulnerability-warning/
15 comments
The security bulletin has now been updated, and says the update will be available on Oct 16 (today).
Just one day after Adobe released its monthly security patches
for various software including Flash Player, the company confirmed
a major security vulnerability that affects all versions of Flash
for Windows, Mac and Linux computers. You read that correctly…
all versions.
Just uninstall this clusterfuck and be done with it.Although I agree with your negative assessment of Flash in general, the quoted bit "You read that correctly... all versions" is meaningless hyperbolic bluster. I would hope a cross-platform product is using a unified codebase to maximize compatibility and minimize development and test surface. That, of course, will tend to mean that bugs exhibit the same behavior cross-platform. (And to the extent that by "all versions", it is including past versions, that's even worse, as it implies that staying on an old version is ever advisable.) It's irresponsible journalism to mislead about the nature of software products like this.
Does vulnerability also affect Google Chrome's builtin Flash player?
EDIT: Answer is YES. The link provided by 0x0 says it also affects Google Chrome's Flash and there's an update for it.
EDIT: Answer is YES. The link provided by 0x0 says it also affects Google Chrome's Flash and there's an update for it.
It seems likely.
1. Go to URL chrome://plugins
2. Click Disable
Or block flash on all except whitelisted sites using flashcontrol, free in the chrome web store:
https://goo.gl/Q0hLm
https://goo.gl/Q0hLm
An extension isn't needed for that. Make it click-to-play ("Let me choose when to run plugin content") and then you can add any site you want to the exceptions list. An icon displays in the address bar when a plugin is on the page, click it and you can easily add the site to your exceptions list.
Patches available: https://helpx.adobe.com/security/products/flash-player/apsb1...
It'd be interesting to know (and the article doesn't seem to make it clear either) whether or not they're going to update the Linux flash player. If not then flash on linux is instantly dead, which would break quite a few websites.
I uninstalled flash completely from all my systems upon the last major vulnerability news. My biggest loss? No videos in Facebook, which seems to have been fixed recently anyway. I'm chillin.
Getting rid of Flash on iOS was the best decision Apple had ever taken. It is a fact that Flash is a pretty unsecure platform. Companies should stop using flash and put an end to it mess.
Flash is still a thing?