Still using Adobe Flash? Oh well, get updating: 15 hijack flaws patched People still using Adobe Flash should update the plugin after the Photoshop giant patched 15 remote-code execution holes in its screen-door software. If hackers aren't already exploiting all these holes in the wild, they soon will be. The remote-code exec bugs allow miscreants to hijack vulnerable Windows, OS X and Linux …
Unfortunately that doesn't get the software shufflers to learn from habitual epic failures. The only thing that really works is to remove the worst offenders so the shufflers are conditioned, albeit second order, to expect wallet depletion in a Pavlovian manner as it's quite clear that nothing else works.
>For crying out loud just install Secunia PSI
PSI has not been without it's own problems over the years, there were many problems with the 3.n release both in terms of UI and reliability - it often seems to hang when loading as it tries to connect to Seconia's servers, hence many still regard the 2.n release as superior.
But it is one of the tools I install as standard (although I don't enable auto update), because it gives a clear indication of the overall security status of many of the packages typically installed.
One of it's big plus's is that it discovers multiple and 'hidden' installs. So with respect to Flash (although the same could be said about Java) in the past it has notified me that whilst I've updated Flash (x86) I've not updated the 64-bit version. Likewise some application has included it's own personal version of Flash, which naturally won't get updated via the normal mechanisms.
So yes if security of your system is important installing PSI is a no brainer.
If being functionally uptodate is important then I would recommend tools such as FileHippo's Updater.
Interesting that they left your comments. The last time I commented that I had an AdBlocker installed El Reg gremlins rejected the comment. As a matter of fact, I'm curious to see if this one persists..
As for Flash, I am currently testing just how well my usual Internet surfing tolerates its absence. So far, so good. The only pain I've had is someone trying to convince me to infect my machine with Microsoft Silverlight instead, which isn't going to happen either.
>>"Use Chrome... It's just been updated... No? Use IE or FF and get pOwned."
Did you even bother to take five seconds to research this? IE already has the latest version of FLASH included in its automatic updates. I just checked my copy here and it has the latest version number released by Adobe. Firefox is a simple update as you get the plugin direct from Adobe.
If anyone wants to quickly check whether they are up to date just go here:
http://www.adobe.com/software/flash/about/
It lists what version you have installed and what the latest version is on every platform.
I'm fine with sites having ads on them (so long as they're not auto-playing video or horror of horrors include sound). In fact, I *want* El Reg to make a nice profit.
All that I object to is tracking. So where possible I block that without blocking the ads. This does devalue the ads very slightly perhaps, but it's what I'm willing to offer.
I can't work out how to do it on a PC...
No, neither can I. All I have been able to do is make Flash ask permission before it runs. I stick to using it only on the BBC and other sites I trust, but it still has me worried.
I've now written to the BBC asking them to ditch Flash for all the good that will do but will not be holding my breath.
Be afraid... etc.
I can do without most Flash content but not all.
So I keep Flash installed and use NoScript to occasionally, temporarily allow Flash content (and will apply the latest Flash update first).
I've assumed Flash is then not executed by default & am protected from most issues but... maybe not?
I think it is safe to assume that.
I have also noticed that Firefox updates, then tells you in no uncertain terms that it has disabled the previously-known-as-fixed version of Flash. Pretty slick.
(Or take a look at Add-Ons > Plugins > Check that your Plugins are up to date)
Using the new responsive BBC news site, i've noticed in Firefox if you change your use agent (to iOS) for example. The 'you need flash' goes away and the videos just work.
Why on earth do they not just let the videos play in HTML on all supported browsers? Flash should only be a option if HTML isn't supported
Changing in Firefox can be Tricky, A addon, User Agent Switcher, will help, After Install U will Need a Agents File, http://techpatterns.com/forums/about304.html, Works 4 me, Tell Tools/USER agent to be a MAC, & reload page, Youtube&others are fine as osx/Firefox 35 agent (or ipad) & Video played, Having trouble getting BBC video ATM, trying different Browsers and Devices to be, trying to find a worker, but not in UK, so always issues with BBC ...
ironically this may (I have no evidence of this) be an example of why FOSS is best.
I read somewhere that the source code for FLASH was in the Adobe hack a few months ago, and someone floated the idea on Reddit that this could be the result - a load of 0-days that Adobe did not fix.
My point would be as a FOSS advocate, that at least if EVERYONE has the source we can match up the bad guys?
I'll get my coat...
P.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
