Kill Flash: Adobe says patch to fix under-attack hole still days away

Just a day after its monthly batch of security updates, Adobe has confirmed it will issue an emergency critical patch for Flash next week. With somewhat regrettable timing, given Adobe's patching cycle, Trend Micro's security researchers announced on Tuesday that it had discovered in the plugin a vulnerability, CVE-2015-7645, …

  1. a_yank_lurker

    True Meaning of Adobe

    Soon Adobe will be remembered for bricking computers. Appropriate, since adobe is a type of mud brick used in the Southwest US.

  2. elDog

    If companies had to pay for their mal-ware, Adobe would be in debtor's prison

    And will have rotted away by now. This has been going on for years. They should be prosecuted for intentionally trying to destroy western civilization, such as it is.

    I'm missing the "follow the money" aspect, but do they get a few cents on every flash update they push out? WTF don't they just pull the plug?

    1. Mark 85

      Re: If companies had to pay for their mal-ware, Adobe would be in debtor's prison

      There obviously is a money angle from somewhere... websites that use it maybe? Dunno... But if liability were "allowed".. MS and others would be in DeepShitLand.

      1. VinceH

        Re: If companies had to pay for their mal-ware, Adobe would be in debtor's prison

        The money angle is from the other side - creating Flash files; Adobe sell products to do that. There are other products that can do it as well, but the commercial offerings probably involve a licence fee being paid to them.

        Kill the player, and that sales line is also gone.

      2. Anonymous Coward

        Re: If companies had to pay for their mal-ware, Adobe would be in debtor's prison

        "But if liability were "allowed".. MS and others would be in DeepShitLand"

        Actually MS's OS products have had fewer holes than competing options like OS-X, Redhat and SUSE every year for the last decade!

        1. Christian Berger

          Re: If companies had to pay for their mal-ware, Adobe would be in debtor's prison

          "Actually MS's OS products have had fewer holes than competing options like OS-X, Redhat and SUSE every year for the last decade!"

          That's because you compare a stripped down OS with a whole operating system. (Well except for OS-X, but complaining about that is like beating a puppy)

        2. Anonymous Coward

          Re: If companies had to pay for their mal-ware, Adobe would be in debtor's prison

          Actually MS's OS products have had fewer holes than competing options like OS-X, Redhat and SUSE every year for the last decade!

          Ah, I see Redmond has woken up. Welcome back, where have you been? Budget cuts? Not doing so well lately because people don't upgrade even if you give it to them for free?

          If you ever manage to make Windows out of the box as rich and as OSX and any Linux variant you can think of you may have a basis for comparison. Not that that will end well for you then (which is why you try to avoid that), even if we avoid taking the relative costs into account too. We won't mention the license conditions either because that would so totally sink Windows that it would not even be worth talking about - we wouldn't want to discourage you before you have even tried..

        3. Anonymous Coward

          Re: If companies had to pay for their mal-ware, Adobe would be in debtor's prison

          Actually MS's OS products have had fewer holes than competing options like OS-X, Redhat and SUSE every year for the last decade!

          .. but none of those have ever behaved like a true blue computer virus, because they have nothing to lose by leaving their users a choice.

    2. Anonymous Coward

      Re: If companies had to pay for their mal-ware, Adobe would be in debtor's prison

      If companies had to pay for their mal-ware, Adobe would be in debtor's prison

      .. but Bill Gates and Steve Ballmer got clean away ..

  3. Anonymous Coward

    practise your pontifications

    The Register has regular video in Flash posted today and every other recent day

    1. Anonymous Coward
      Mushroom

      Re: practise your pontifications

      Lots of guilt to go around. I wouldn't be surprised if nuking Adobe across the world didn't kill Flash; that it'd achieved revenant status somehow.

      Obvious icon

    2. Dan 55 Silver badge

      Re: practise your pontifications

      And nine times out of ten they link to a YouTube video, so they might as well just embed the YouTube HTML5 player.

    3. breakfast Silver badge

      Re: practise your pontifications

      I have had Flash crash out repeatedly on the Reg site, often as a result of ads on their homepage as far as I can tell. It's good of them to be recommending that we do the right thing, even if it must hit their own advertising revenues.

  4. Jim Willsher

    200 computers on my LAN.

    ninite Flash....

  5. steamnut

    Kill the beast

    It's about time we, as an industry, rejected Flash as a matter of policy. Flash is so riddled with problems that only a ground up rewrite can fix it and even then I doubt Adobe could do it.

    The now weekly cost of implementing their "fixes" including dodging the unwanted opt-out drop-ware is no longer trivial. And yet we keep sucking it up - why?

    How long before we get a Class Action Suit to finally take Adobe to task? This is a bigger problem than VW's clever code so why don't Governments take action?

  6. Lostintranslation

    'programming blunder'.

    Are there any parts of Flash that do not have a 'programming blunder'? This is, after all, a program of less than 10mb in size.

  7. TeeCee Gold badge
    FAIL

    Slow news day?

    Today's news: Vuln in Adobe Flash player.

    Next week's news: Vuln in Adobe Flash player.

    Next month's ne.......hell, do I have to spell it out?

    As for "what's it for", you might want to ask the BBC why they still refuse to serve anything other than Flash video to PC clients, despite the fact that they'll happily provide other versions to platforms that do not support Flash. Incompetent wankers that they are.

    1. Richard 22

      Re: Slow news day?

      The BBC are trialling html5 video currently. I don't think their slow transition has to do with incompetence, more to do with not wishing to break things for their large userbase and hence treading cautiously.

  8. Doctor_Wibble
    Flame

    Stuck by other people's decisions

    Yep, the usual "some have no choice" thing for me because some companies seem utterly incapable of e.g. just listing my sodding phone calls FFS without some overblown fancy super management Flash app.

    All I want to do is (a) see my calls/charges as originally printed on that simple one-page bill they used to bother to send before increasing profits by cutting out postage costs and (b) ideally get it to just email me (automatically, without having to log in and manually request it) an electronic equivalent of that simple one-page bill that once upon a time they had no trouble putting together and printing for thousands of customers in a single run.

    I look forward to the arrival of a 'simple web page for simple people' option.

    1. Not That Andrew

      Re: Stuck by other people's decisions

      I was about to say Flash beats an ActiveX control that only works properly in IE5.5, but no, it doesn't.

    2. gollux
      FAIL

      Re: Stuck by other people's decisions

      Yeah, Sage 100 2015 has this amazing thing they say we really can use to make our ERP experience amazingly simple...

      Visual Workflow...

      A sodding flash interface for their accounting package...

      Which we don't use in our company...

      Because we've eliminated Flash.

      How to program like it was 2005, way to go Sage Software!

  9. Anonymous Coward

    As the computing industry matures I wonder how long it will be before we see companies being held liable for problems like this. When the industry (and the Internet) was new it was all a bit wild west but now it's starting to mature I think people are starting to look at technology like they do the other things around them. What I mean is if your vacuum cleaner burst into flames and burnt your house down because of a design fault there's liability there. If your flash player allows miscreants to access your bank account details because of a design fault is it really fundamentally any different? How much liability can a producer shed using an EULA. In the case of software it seems to be a lot more than for physical things.

    1. Naselus

      "How much liability can a producer shed using an EULA."

      Nowhere near as much as they attempt to tbh; generally speaking, when a EULA is examined by a court, it's found to contain dozens of unlawful clauses and so can't actually be enforced. Steam ran into this in Europe; their original EULA rejected any sort of refund out-of-hand, which is flat-out illegal in the EU. Steam then climbed down. Similar things are probably the case for most others.

      I'd be interested to see what happens to, say, Google if someone challenged their end-user agreement, since the amount of data they keep is probably far outside the boundaries of European legislation (hell, in Google's case there's successful cases where people have shown it's outside US law).

      1. Sir Runcible Spoon

        Perhaps we should insist that all EULAs have to be put through the court system to obtain a stamp of approval for all clauses *before* they ask customers to sign* them.

        (click on agree without reading 200 pages of text in a 2" square window)

        1. Mike 16

          EULA complexity

          I doubt that "putting through the court system" is likely to make the average EULA understandable to the "person of reasonable skill". After all, I've rarely seen a patent that the inventor could really understand once the lawyers got through with it, and sane people have no way of understanding how U.S. "civil forfeiture" could possibly be legal.

          That said, that "200 page" EULA for Flash is probably only 15 or so pages in English. The rest consists of various translations, of which Adobe apparently feels Arabic is the most important. They always place me on that page and I have to skim the file to find English.

          Combining the apparent difficulty of writing comprehensible legalese and the nuance of translation to multiple languages, it would be interesting to know what that Arabic version binds me to that the English version does not.

  10. DJV Silver badge
    Thumb Up

    Well...

    ...I finally ditched Flash* yesterday. I've put the Firefox addon/patch into place that forces the BBC news web site to give me HTML5 (hmm, that version lacks the volume control, for some reason). So far, so good!

    * Apart from the 'other' flash in my SSD, of course!

    1. paulf
      Go

      Re: Well...

      I've done a quick look and couldn't find an addon that does this. Would you please share the name of this addon for the benefit of us other Flash-hating-but-BBC-News-website-kinda-liking commentards?
