Adobe has published a cross-platform update for Flash that addresses a potentially serious security flaw. Flash Player users are advised to upgrade to version 10.0.45.2 to plug a hole in earlier versions of the software that means the domain sandbox security protection could be bypassed to make unauthorized cross-domain requests …
Avoid the flash infestation by default
Hehe, could not care less - I browse using konqueror which has all plugins set to globally off and open stuff with flash separately in firefox _ONLY_ if I actually want to see that particular bit of info.
Helps avoid idiotic adverts, people embedding music in their website and most importantly drive-by hacking for flash exploits.
Or Adblock+ with a *.swf rule, with exceptions for a very small list of sites.
I'm a Linux fanboi, not a Mac one, but I can't help wondering if Jobs is successfully embarrassing Adobe into finally fixing its broken shit? I remember supporting Photoshop for a former company's graphics artists, and it was sheer hell dealing with Adobe. Worse than dealing with BMW Motorrad over broken final drives.
Adobe Download Manager
Just a random thought. Since Reader and Flash are peppered with holes like the proverbial Swiss cheese; are these security researchers (horay for them!) also giving the Adobe Download Manager the once over? It insisted on installing it just now when I updated Firefox before I spotted the manual .exe download option (yep my own 'tarding fault and I've just removed it). I hope they're giving this close scrutiny because once installed it probably has privileges to download and install whatever its told to by anyone - botnet or otherwise!
[Incidently I align myself with the "dislike Adobe because your software is crap, slow, and full of security holes" camp but I still need Flash for some things like BBC iPlayer so I only use it in Firefox with Flash blocker]
Hear hear! I roll out the updates manually on my network and it's a royal pain. Since the software is free why the hell don't they just post the new exe and msi (instead of the stupid registration--just count downloads and note IP if you want to track) and be done with it?
...every time i start a new browser it seems i need to redownload flash.
When is HTML 5 gonna get here?
It's Even Worse...
...than I thought!
I seems Farm Town, one of the myspace games, has set it up to download a new Flash every time, apparently they get some kind of pay per download, and they are scamming adobe!
"Loading game.... If game doesn't load in 10 seconds or you experience problems, please upgrade your flash player version here. " Sneaky!
"Flaws in Adobe software, second only to Microsoft, have been exploited in numerous targeted hacker attack over recent months"
Says it all really and perfectly explains Apple's reluctance to include it in the iPhone!
64 Bit Linux support
As much as I hate the closed source nature of Flash, not to mention the bandwidth hogging over use of it + all the security holes, Adobe scores major points with me for providing 64 bit Linux versions of the player as part of their regular releases and not as some "oh yeah, we'll get to that" release that lags a version or more behind .
64bit version + NoFlash == happy camper.
Now, I've got to go update Flash on both my 64bit systems :)
Re: 64-bit support
Wrong icon. You want "Joke alert" if you are going to praise Flash's 64-bit linux support. The present player is clearly marked alpha and the web-site will admit only to an "alpha refresh" this week. But I suppose if you are using it in conjunction with NoFlash (as you claim) then it probably doesn't matter.
A new program folder NOS... (since disappeared!) which contains an Adobe updater (certificates check out) but which helpfully decides to run getPlusHelper as a hidden service under Windows (Vista), thereby giving Unhackme conniptions... RootKit! RootKit! RootKit! (actually Unhackme was much nicer than that... but that's what my brain does when it sees the word RootKit in red).
I suppose I didn't get the Adobe Download Manager with Firefox/Chrome because of NoScript... but of course I got it when fixing up IE8 (which I hardly ever use, but that's no reason not to update it if it's installed)
Service stopped, key removed, file deleted.
Bastards. Just do it simple... how hard can it be???
Wasn't it Adobe who were recently touting that they don't release flash with bugs, it's flash developers that introduce bugs?
That was "Known" bugs.
Pay attention to the weasel words. Knowing them is the best way to spot a weasel. I think the implication was supposed to be that certain other vendors release software with "known" bugs.
Avoid the downloader
Use IE to download the FF version of Flash, and use FF to download the ActiveX version - that way you get two separate .exe files that can be installed on multiple machines, if necessary, and avoid the magic downloader nonsense.