Adobe preps emergency Flash patch for bug hackers are exploiting

Adobe will this week issue an out-of-band patch for Flash after spotting a critical flaw that is now being "actively exploited" in the wild. The flaw, CVE-2016-1019, affects Flash Player version 20.0.0.306 and older for Windows, OS X, Linux, and Chrome OS. Adobe made the jump to patch after learning that users of Windows 7 and …

  1. Diodelogic

    Flash Flushed

    I got rid of Flash several months ago and haven't really missed it at all. Every time I think that maybe a particular Flash animation on a website might be worth a look, I remember the potential consequences of installing it again and simply shrug my shoulders.

    1. Anonymous Coward

      Re: Flash Flushed

      Haven't had it on any system since circa 2007 and missed all those patches and vulnerabilities..

    2. Anonymous Coward

      Re: Flash Flushed

      Unfortunately some sites won't let it die - BBC iPlayer being the most noticeable. That site is the only reason I keep flash on my system.

      1. theModge

        Re: Flash Flushed

        Flash is now only needed for live streaming and some of the random embedded stuff on the wider bbc site, iPlayer on demand can be Html 5, if you opt in to the Beta using the link below.

        http://www.bbc.co.uk/html5

        It's very good for a beta, I've not looked back.

        1. Don Dumb

          Re: Flash Flushed

          @theModge - if you remove flash from your system, iPlayer defaults to HTML5, no need to opt in at all. Unfortunately many of the videos in the news site are flash only - here's hoping the beta ends soon.

        2. Ken Hagan

          Re: BBC's HTML5 beta

          It doesn't work on all devices. (Presumably I need to reverse engineer something to figure out what unmentioned dependencies are missing on my (ARM-based) laptop, but at the moment the beta just says "Sorry, but not all device types are supported and guess which group you fall into.".)

          I appreciate that this isn't necessarily the fault of the BBC's code, but I hope the error messages in the final product are significantly more helpful.

      2. Paul Webb

        Re: Flash Flushed

        Thumbs up for the post; thumbs down for the BBC.

    3. illiad

      Re: Flash Flushed

      If you have apple, the HTML5 works on BBC... but NOT on PC!!! I wonder how much cash apple is paying them???

      Ah, read about the beta... :) BBC!!! how about shouting about it a bit???

  2. Someone_Somewhere

    Oh, just kill it already!

    The /only/ justification for Thrush Flash is:

    1) Chainsaw The Children - http://www.newgrounds.com/portal/view/71851

    2) Club A Seal - http://www.newgrounds.com/seals/

    3) Disorderly - http://www.newgrounds.com/portal/view/121896

    4) Ishkur's Guide To Modern Music - http://techno.org/electronic-music-guide/

  3. Mikel

    A critical Flash vulnerability exploited?

    Shirley you can't be Sirius. Say it ain't so. It is beyond belief!

  4. gollux

    Open Cesspit's...

    back in the news, try the new flush system invented by John Crapper, it has much improved handling of internet detritus, uses that newfangled HTML5 stuff.

  5. Mark 85

    Seems a lot of news sites are changing the way they look and feel to "improve the user experience" yet all their videos still need Flash. I guess they haven't received the news that HTML5 is better because.... well... no Flash?

    And no.. a thousand times no... I will not ever install Flash...

  6. RIBrsiq

    I do believe that everyone who can abandon Flash are already working on it... Nothing can possibly happen to further accelerate the effort, stop it or affect it in any way.

    Can't say I'll miss it when it's gone, really: one less thing to keep updating is always great news!

    1. goldcd

      I think the best thing happened

      was iOS never supporting it and Android pulling flash years and years ago.

      1. Anonymous Coward

        Re: I think the best thing happened

        "I think the best thing happened was iOS never supporting it"

        Uh oh. You know that implying that Jobs was right in any way, shape or form is considered sacrilege by some, don't you?

        Originally I had the impression they were so busy keeping up with patching that they never managed to rewrite it properly, but I've since realised that the latter is simply beyond the ability of Adobe.

        Let's call it Flush, shall we?

  7. a_yank_lurker

    Flush Flash

    This is ridiculous, the only common security failure common to most OSes is flash.

    1. Lars

      Re: Flush Flash

      I must admit it's hard to understand how anybody ever was able to program anything that has needed as much patching as Flash. To some extent I can understand that an OS like say Windows, a work in progress, needs some patching, but a damned player, is just beyond me, totally.

      1. Anonymous Coward

        Because it isn't a player

        It is a damn full featured programming language, that today is used only as a player. If they had an option to download a hamstrung version that could only play videos it wouldn't have been banned from iOS by St. Jobs[*] and would probably still be used by many people since it wouldn't be such a security nightmare.

        [*]Even those who hated him should nominate him for sainthood for his role in helping hasten the fall of Flash, as the success of iOS forced web sites who wanted to be accessible to iOS devices to rework their site to function without Flash years before they otherwise might have.

        1. jason 7

          Re: Because it isn't a player

          "Even those who hated him should nominate him for sainthood for his role in helping hasten the fall of Flash"

          To be honest looking back and the fact that it seems Flash will be with us for at least another 3-4 years, it might be he helped hasten its demise by all of 3-4 months. His actions really didn't do much at all with hindsight.

          All he did was made a few people uninstall it really.

    2. Someone_Somewhere

      Re: the only common security failure common to most OSes is flash

      Well, apart from Heartbleed, Poodle, Beagle, Drown, etc., etc., etc., that is.

  8. MooJohn

    Meanwhile, Adobe plans to make Flash harder to maintain

    Those who update systems in bulk don't want their adware-laden installer stub. We need a no-frills installer that fixes the bug of the month. For some reason they don't like it being available to anyone who needs it so it is going away.

    From the download site:

    "This page and the download links will soon be decommissioned and will be replaced by a new Adobe Flash Player distribution portal that will require a valid distribution license to access."

    https://www.adobe.com/products/flashplayer/distribution3.html

    That shows they are really in tune with what their users really need!

    1. Henry 8

      Re: Meanwhile, Adobe plans to make Flash harder to maintain

      One just has to register for distribution rights, once, for free. Took me about 2 minutes to fill in the form and get an automatic response. Yes, it's mildly annoying that they're taking away the old enterprise download links, but it's not difficult to use the replacement - I've been doing so for months.

      1. Maventi

        Re: Meanwhile, Adobe plans to make Flash harder to maintain

        "One just has to register for distribution rights, once, for free."

        But it's still something that shouldn't be necessary at all. Plus it requires submitting an email address, so make sure you use a disposable one so that it doesn't get leaked when Adobe's servers get breached again.

        1. Anonymous Coward

          Re: Meanwhile, Adobe plans to make Flash harder to maintain

          "Plus it requires submitting an email address, so make sure you use a disposable one so that it doesn't get leaked when Adobe's servers get breached again."

          Well done. Your motives are not quite on the button, but at least you have defrayed some of the not-free aspects of "free" (your personal details so they can spam you and resell them to others).

          Let me repeat this here:

          THERE IS NO SUCH THING AS "FREE", at least not from any organisation that turns a profit. Translated: every time any corporate goon uses that word you're well advised to be wary because you're being lied to - it simply means you're paying in a different way.

  9. TJ1

    @El Reg

    Time to name-and-shame and pester those prominent organisations still using Flash exclusively, with no HTML 5 option.

    Hint: BBC web site, especially news (fed up having a big black box obscure every photo with a video link that says "You need to install Flash Player to play this content. Download Flash Now").

    Since when did the BBC take up being a Malware advocate?

    1. Adam 52

      Re: @El Reg

      I'm running vanilla Firefox on Windows and yet YouTube insists on showing me the Enable Flash plugin box despite the html5 page saying html5 is supported.

      The whole web video area is still a mess.

      I guess until the DRM issues get resolved content providers will continue to use Flash despite all its flaws and the vast majority of viewers won't care.

      1. VinceH

        Re: @El Reg

        I notice you say "YouTube insists on showing me the Enable Flash plugin box" rather than suggests you download it. Since I don't have Flash installed and I get neither, I suspect the problem is that you do have it installed but not enabled. YouTube asks for Flash in the first instance, and the browser says "Yes, I have that..." and asks you to enable it.

        If so, unless you actually need Flash for something, get rid of it completely.

    2. Anonymous Coward

      Re: @El Reg

      BBC is the ONLY reason we still have flash installed on our kit. At least with Windows10 (and 8) flash updates are deployed via windows updates so you don't need to do much to keep it patched. For windows 7 we use sccm-scup but that does take a bit more effort.

      Please die soon flash.

    3. Digitall

      Re: @El Reg

      Yup, BBC web site is one of the worst that I also use with the same results, black boxes obscuring photos and vids. Leaves MUCH to be desired..come on BBC, get your finger out! The BBC HTML5 transition seems to be taking forever..

      A name and shame web site list would be a nice global White-hat website.

      1. David Austin

        Re: @El Reg

        The HTML5 iPlay Beta is solid, just wish they'd hurry up and roll it out elsewhere on the site, the BBC news one being the main culprit.

    4. TJ1

      Re: @El Reg BBC News

      What's even more annoying is, just by running tcpdump on my gateway router and capturing traffic to an android device with BBC News application on it, and choosing some video link:

      # tcpdump -w /data/bbc.pcap -ni br0 tcp and port 80 and host 10.2541.41

      After extracting the HTTP stream using Wireshark I get an MP4 link that works from the desktop browser (warning: Trump alert!)

      http://vod-pro-ww-live.edgesuite.net/mps_h264_med/public/news/uk/1236000/1236264_h264_800k.mp4?__gda__=1459975778_b9446e43a54966444d4526b615dd2e30

      So, there is absolutely zero reason not to provide same via the web-site - and don't let the 'anti-Beeb' get away with arguing security by obscurity is somehow equivalent to geographical region-denial or 'anti-piracy'.

    5. Anonymous Coward

      Re: @El Reg

      "Since when did the BBC take up being a Malware advocate?"

      You've never tried to use the BBC iPlayer, I take it? It's the only application I know that is capable of locking up OSX to the point where it needs a hard reboot as even a "force kill" has no grip on it (another reason why I really, REALLY, REALLY dislike installing anything made by Adobe with admin rights).

      As it is based on Adobe Air, I would say that qualifies as malware all by itself.

  10. gnufrontier

    Another in a long line

    Seems like there are more points of attack these days than a porcupine with inverted quills. The digital world is untrustworthy but we have to keep on pretending that it is. What choice do we really have anymore ? El Reg readers are more aware than most people but all that means is the odds are in the favor of the bad actors.

  11. Disk0

    Strictly speaking

    Adobe did not invent Flash, they acquired FutureSplash and turned it into the stumbling, leaky, payload spewing travesty that it is now. PDFs are useful though.

    1. stizzleswick

      Re: Strictly speaking

      Even more strictly speaking, Adobe acquired Macromedia, which had acquired FutureSplash.

      Adobe had been offered FutureSplash in 1995, but was uninterested at the time.

  12. Da Weezil

    "PDFs are useful"

    Got rid of anything adobe in that area years ago.. It's just buggy bloatware.

    1. illiad

      yes, pdf readers are available from OTHER people, just search.. :)

  13. Nifty

    All the internal training videos in the little 'security conscious' outfit I work for need Flash...

  14. The Quiet One

    This just in....

    Reporting a Flash bug is about as pointless as DFS reporting they are having a sale.

    Being riddled with bugs and them working on a patch is their default position, so we should just assume as much until further notice.

  15. Archie Woodnuts

    Dear Flash

    Die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die, die.

    Yours,

    Everyone.

  16. Dieter Haussmann

    I look after a few hundred Mac desktops and In October 2015, I got fed up and reimaged them sans-flash after officially considering it to be malware.

    I had all my reasons and excuses ready yet not a single user complained to date.

  17. Anonymous Coward

    BBC

    WAKEY WAKEY, GET RID OF FLASH, YOU KNOW IT MAKES SENSE.

  18. PassiveSmoking

    Weekly Critical

    Well they got as far as Wednesday.

    My definition of a good week for Adobe is if they get to Thursday before the critical of the week is discovered.

  19. DropBear

    It would be nice to bury Flash, but...

    Their Reader doesn't bother me much - there are superior alternatives and I never had PDF in browser display enabled anyway. Flash is quite another matter though - I have it set to "always ask" and no day passes when I'm not forced to activate it multiple times a day or forego the use of the site in question completely. IT'S STILL FAR FROM BEING OPTIONAL, if one fancies visiting other sites beside El Reg and Youtube (actually, Youtube _needs_ Flash in Firefox on XP since HTML5 is only supported there as webm, of which there are exactly zero videos on the net, Youtube included)

    1. illiad

      Re: It would be nice to bury Flash, but...

      I dunno about XP, but.. Firefox on Win7 will easily do HTML5 in youtube - tho you may need an extension..

  20. Florida1920

    Helpful site?

    Still have FF installed but using Chrome all the time now. Fired up the Fox and went to http://flashbuilder.eu/flash-player-version.html. Had to enable a script and activate the Flash plug-in. Then I got this:

    YOUR FLASH VERSION IS 21.0.0.197

    THE LATEST VERSION AVAILABLE IS 21.0.0.182

    The whole Flash ecosystem is whacked!

  21. Bucky 2

    Waiting for XTube to migrate to html5.

    Porn is the only reason I have Flash installed.

    No, it is not installed on my work machine.

  22. weladenwow

    The article says that Adobe is moving to HTML5.

    I visited http://tv.adobe.com/watch/adobe-social/adobe-social-demo/ to view a video. The video uses Adobe Flash.

  23. EPurpl3

    Damn, I love the articles about Adobe, so much anger and frustration. Keep it up Adobe, you are doing it great!
