Feeds

back to article Adobe rushes out patch for all-platform Flash vuln

Adobe has fixed a potentially serious cross-platform security bug in its Flash Player software with an out-of-sequence security update. A series of patches for different platforms, published on Sunday, tackles a cross-site scripting vulnerability in Flash. Adobe Flash Player version 10.3.181.16 – and earlier across a range of …

COMMENTS

This topic is closed for new posts.
Flame

Fecking flash

how many fecking "updates" do I need in a month. I've lost count of the number of times I have logged into a PC to be greeted with that fecking message about an update being ready.

Even the not-at-all-PC-aware Mrs has noticed that "This Flash thing always needs updating".

8
1
Gold badge
Flame

Fecking fecking flash

And just to make it even better, you seem to need administrator rights to update it (at least on IE); Yeah!!!

Also fecking, why isn't it fecking dead yet? It's lasting longer than fecking SCO group :(

2
0
Silver badge
Linux

I see no issue

Regular updates mean a secure system. The more the better.

Just let your package manager handle the updates for your OS and installed apps, authenticate once, all done. You don't even need to reboot unless the kernel changes.

5
6
Happy

eltiT

Use Chrome, and uninstall all the standalone flash players. The Chrome automatic updater is discrete, and you need never worry about flash patching again.

0
0
Facepalm

Eh?

"Regular updates mean a secure system. The more the better."

Let me just correct that for you.

"Regular updates mean an insecure system. The more updates, the more insecure it is".

0
2
Thumb Down

Windows :(

Most people are still using Windows, remember. That means ten or so resource hogging bespoke-written app updaters all starting up and lurking in the system tray, popping up heavily skinned windows at random intervals demanding an update, then proceeding to install Yahoo! toolbar because you missed a checkbox somewhere along the multi-screen update-confirmation-and-license-agreement process. After a couple of reboots (Stage 1/3... stage 2/3... stage 3/3). Or just failing because they they can't write to Program Files like they expect.

1
0
Silver badge
FAIL

@peter 45

No system is 100% secure. None. So a system will always starts out with, say W problems. Over time X more are found for any given time period t. So the total number of faults is W + Xt. This number grows with t.

Fixes, Y, for those problems are released. So the total number of faults is now W + t(X - Y).

Ah, but wait, those fixes may introduce some other issues, Z, so the total number of faults is W + t(X -Y +Z) where Z is some fraction of Y...say f, so Y is fY

W + t(X -Y + fY) which si W + t(X -Y(1-f))

So long as Y(1-f) > Z then a patched system actually gets more secure as time goes on rather than an un-patched one, because more are holes are getting plugged than are being discovered/created.

Just because Windows makes keeping a system up to date a raging pile of ball-ache does not make a highly patched system a bad thing. So long as those patches fix more problems than they cause.

0
1
Angel

Load of round dangles

Cannot fault maths. Assumptions and logic on which maths is based is utter tosh.

To test the logic, test an extreme example. Plug in numbers for code that contains some vulns, and plug in the numbers for code containing nil vulns. According to your logic, because the perfect code is never patched (which of course it would never need to be), it is the more vulnerable system.

0
0

PS Logic break here

In case you did not spot it.

"a patched system actually gets more secure as time goes on rather than an un-patched one"

It itself a true statement, but based on the assumption that you are comparing code with the same (approx) number of vulns at the outset.

0
0
Silver badge

Damnit

I just got done writing up the package for OpenIndiana, not I have to redo it -_-.

0
0
FAIL

Already?!

I built a new PC yesterday, installed Flash and it's already out of date? I appreciate a rapid response to vulnerabilities but can't they just write a decent version? Again, I know things move on and new attacks are coming all the time but seriously, Flash is the swiss cheese of software. They need to get their act together. Of course, as long as people 'rely' on it and it's seen as being vital, they've got little incentive to improve things. Now, if enough people started saying they weren't going to install Flash because of it's shortcomings they might do something.

2
0
Anonymous Coward

Sources of exploits

I always thought Flash was the biggest source of exploits too until I saw Microsoft's Security Intelligence Report [1] (Figure 6), which indicates that Java exploits are much more common (by at least an order of magnitude).

[1] - http://www.microsoft.com/security/sir/

1
1
Silver badge

@Sources of exploits

Interesting report, but part of me is a trifle suspicious of MS reporting on their own problems. I would be more interested in reading 3rd party assessments.

I guess the other aspect is there are probably far more PCs with Flash installed than Java, so more targets? Also a favourite has been that other piece of crap, the Adobe Reader & its PDF browser plug-in.

Back to today's rand - why can't Adobe sort of their software? It must be only a fraction of the code base size of Windows, and yet they make MS look like the golden boy of security by comparison.

0
0
Silver badge
Devil

Interesting?

Maybe this is why the wife's PC has just gotten two fresh copies of Malware Defender in two days? The last one after she opened a page on the Daily Mail ... and I'd only just finished cleaning the Damn thing last night.

And this on a fully patched version of XP while running the current release of Firefox and SpyBot Defender - all updated last night.

1
1
Silver badge

Hey, if it weans her off The Mail...

...then that's a good thing, right?

1
0
Silver badge
Happy

upgrading wifes web site habits

She's now reading FARK - I view this as an improvement.

0
1
Black Helicopters

Jeeeeez

I long for the day when I can uninstall every fucking Adobe program for good.

2
0
Go

DAMN!

come on html5, get yourself in here!!

0
0
Trollface

Oh really?

And how many times did you update your browser in the last month or two?

0
0
Anonymous Coward

Painting the Forth Bridge

I've just finished updating the 4500 machines I manage, just to find another update.......

Oh goody.......

0
0
This topic is closed for new posts.