Adobe patches Flash dirty dozen, ignores 155 in Shockwave shocker

Adobe has patched nearly two dozen vulnerabilities in its Flash player including 16 that lead to code execution but is still serving flawed versions with hundreds of holes as part of its Shockwave bundle. The Flash vulnerabilities patched yesterday affect Windows, Mac, and Linux as part of the version 19.x updates. It …

  1. Michael Thibault

    The long tale

    Adobe is duty-bound to clean up its act, and to continue doing so, until the last instance of Flash perishes in the heat death of the device on which it's installed. That should keep their programmers from causing trouble elsewhere.

    p.s. It wouldn't be right to say I'm kicking Adobe when it's down; it isn't down enough for that.

  2. raving angry loony

    Removed.

    I've removed Adobe products from my system. Any site that doesn't offer alternatives to Flash is now just bypassed. I haven't missed much, as far as I can see.

    1. Charlie Clark Silver badge

      Re: Removed.

      Yes, because there obviously won't be any exploitable bugs in the browsers' media players…

      1. raving angry loony

        Re: Removed.

        I see you like making things up. Imagination is a wonderful thing, but I never said that there weren't bugs elsewhere. But I have removed at least one very visible source of exploitable bugs.

    2. big_D Silver badge

      Re: Removed.

      I deinstalled / disabled Flash back in January. Haven't missed it so far.

  3. channel extended

    Flash Fixed!!

    Flash fixed!!! Now there is a recurring headline. How to fix Flash easily: block and don't run!

  4. Anonymous Coward
    Devil

    Foistware a thing of the past?

    No crappy toolbar option with the current download. Has Adobe finally got a clue?

    1. Dan 55 Silver badge
      Trollface

      Re: Foistware a thing of the past?

      They wouldn't want to be associated with such shoddy software. When I say 'they', I mean the people behind the toolbar.

  5. Pascal Monett Silver badge
    Flame

    the latest update introduces shiny features...

    No! No, no and NO!

    You don't go putting in NEW features when the EXISTING features are a complete security mess.

    Every time I hear of a Flash update it's always "correcting" dozens of security issues.

    Finish the bloody job first, you morons, then TRY to add new features without inventing 400 squillion new security issues.

  6. s. pam Silver badge
    Mushroom

    Would someone FUCKING KILL off Flash?

    For the love of all things holy, even MSFT killed off insecure rubbish (although consumers/companies ignored them).

    Flash is the Ebola Virus of the Internet!

  7. steamnut

    It's time to kill flash forever

    This software is so patched that I doubt if they will ever fully secure it. The code quality of something so commonly used is palpable.

    Items like buffer overflow are easy to handle so there is no excuse for not identifying all of the possible problem areas and using defensive programming to prevent it.

    Clearly, Adobe code is poorly written and poorly maintained. Maybe they just don't want to spend the cash on a larger team?

    1. Tromos

      Re: It's time to kill flash forever

      Spending cash on a larger team is the last thing needed. Use the same cash to get a much smaller but competent team on the case. Killing forever works too, with the advantage that it's quicker and cheaper.

  8. Hairy Spod

    alternatives

    Genuine question, do the non-Adobe Linux alternatives like Pepper Flash have the same vulnerabilities?

    Am I better or worse off by using them?

    Are there any Windows alternatives for visiting legacy sites, or playing old offline stick men or line racer .flv files with?

  9. Richard Lloyd

    Linux Flash player nowhere near version 19.x

    For some inexplicable reason, years ago Adobe decided that there'd be no new major versions of their Flash Player for Linux after 11.x. It's a strange decision because they are still patching 11.x anyway because it too has a shed-load of vulnerabilities. Note that Google Chrome for Linux does indeed include Flash Player 19.x (embedded into the browser) via a sneaky deal between Google and Adobe no doubt involving large brown envelopes of cash.

    They did a similar "we're not doing any more major versions" trick with the Android Flash player, but have dubiously refused to update it for security fixes since it was frozen at 11.1.115.81 a full two years ago! So if you prefer Android Firefox and want to see Flash content, you're stuck with a version that probably has 200+ vulnerabilities in it - way to go Adobe.

  10. DJGM
    Megaphone

    Adobe Crash Player . . .

    . . . seriously needs to DIE already! Is Adobe ever going to do the web a HUGE favour and kill off this increasingly unstable, buggy, and massively insecure monstrosity? Somehow ... I doubt it very much.

  11. x 7

    So... if you install the Shockwave player and then the Flash player, are the vulnerabilities in the first negated? Does the order of installation matter?

    1. Robert Carnegie Silver badge

      To see Flash version

      http://www.adobe.com/software/flash/about/ tells you which Flash version (if any) is installed, and what the latest release is for various systems. Currently you don't want to have one less than 19.0.0.185. I think the Windows "Uninstall a program" dialog also tells you the current installed version.

      I'm not sure if there is a separate "update" page that performs the test first, or if it's the same one and they just change what's on it.
