back to article Thirty five Flash Player holes plugged (and there's one quick fix)

Adobe has patched 35 security vulnerabilities in its Flash Player, all but one of which could lead to unexpected code execution. The fixes relate to vulnerabilities including 15 use-after-free, eight memory corruption, and five type confusion bugs. There are five code execution flaws relating to buffer overflows and a lone …

  1. Captain DaFt

    Article that'll never happen:

    Adobe Announces No New Flaws Found In Flash This Month

    1. Dan 55 Silver badge

      Re: Article that'll never happen:

      Perhaps it could be like the old SNL gag that they did every week...

      "Adobe's Flash plug-in still has security holes."

  2. Antonymous Coward
    Mushroom

    A thought...

    How about you STOP splattering that shit into your articles Reg?

  3. Anonymous Coward
    Anonymous Coward

    The problem with your alternate fix is that some of us have jobs to do, and the tool we have to use is Adobe Flash.

    1. Anonymous Coward
      Anonymous Coward

      The problem with your alternate fix is that some of us have jobs to do, and the tool we have to use is Adobe Flash.

      The agricultural industry said the same thing about DDT years ago. In years to come, we'll be wondering what loon let that crap out on the Internet.

      1. Mark 65

        The problem is also that there are plenty of educational sites for kids that are paid and mandated by the education system that use flash. You know, the ones where they are set tasks as homework that require completion. I wish they didn't use the shit but it means I have to have at least one machine with flash on it and, no, it's not a VM as the kids don't get to use the main computer.

        1. Dan 55 Silver badge

          Firefox can deny Flash for everything (plug-ins tab in the window that opens when you choose the add-ons menu option) except for the sites you enable it for in the page info menu option.

        2. Vector

          @Mark 65

          "The problem is also that there are plenty of educational sites for kids that are paid and mandated by the education system that use flash."

          You might show your school district a few articles like this, point out that their continued mandate is putting your privacy and "your children's safety" at risk and suggest that they remove the mandate in the short-term while they find non-Flash alternatives for the long term.

          It's long since time for Flash to die!

    2. This post has been deleted by its author

      1. Anonymous Coward
        Anonymous Coward

        Early 2000's it was the only reasonable way to play video in a browser and the only way to broadcast your camera/mic.

        I used to work in the "webcam" industry ( nudge nudge ). Even 5 years ago, Flash was the only tool we could realistically use.

        Some of Flash's unique features only got replaced with JS/HTML very recently. My current employer is phasing out our requirement for it, but development cycles are long. These things take time.

    3. channel extended

      Don't Worry!

      Users will soon stop using Flash and then the company will not be able to survive. This will result in a job search for you, where you can learn new skills!!

    4. Michael Wojcik Silver badge

      The problem with your alternate fix is that some of us have jobs to do, and the tool we have to use is Adobe Flash.

      Good luck with that argument around here. "I don't need Flash, so no one needs Flash" is one of the tenets of the Reg religion.

      1. Anonymous Coward
        Anonymous Coward

        Good luck with that argument around here. "I don't need Flash, so no one needs Flash" is one of the tenets of the Reg religion.

        It happens to be an opinion shared by some of the browser makers. How else do you explain Edge's plug-in hostility (Flash disappearing will only be a matter of time there) or iOS Safari's inability to run Flash?

        The web browser world has seen how harmful proprietary solutions have been to making content accessible, and are now moving towards doing away with them now. The sun is setting on Flash, it is time to move on.

  4. big_D Silver badge

    I removed / disabled Flash from my machines at the beginning of the year. I haven't found a need to reinstall yet - only things like video at the BBC or adverts fail to load.

    1. LaeMing
      Go

      Yes

      I pulled it from my home machine two weeks ago. The most surprising thing was that a whole bunch of entertainment sites I visit in the evening still work fine. (I have to pop over to youtube when Cyanide&Happiness do a video, but then... I had to before with flash installed anyway because the off-the-site performance was flakey for some reason.)

      It is now gone from my work machine for over a week and I haven't noticed either.

    2. Anonymous Coward
      Anonymous Coward

      BBC in the dark ages

      re only things like video at the BBC

      Quite and why havent they spent some of the license payers tv tax on converting to html5?

      Please feel free to ask them why, but dont expect a quick reply.

      1. Anonymous Coward
        Anonymous Coward

        Re: BBC in the dark ages

        BBC is an agency of the state. Its raison d’être is to keep the plebeians placid by means of carefully tuned propaganda. I doubt its political masters see using it as a watering hole via which to slip the odd more "subversive" pleb the odd trojan here and there as in anyway contrary to that purpose.

        1. Anonymous Coward
          Anonymous Coward

          Re: BBC in the dark ages

          @AC

          Work for Rupert Murdoch do you ?

          1. Anonymous Coward
            Anonymous Coward

            Re: BBC in the dark ages

            Really 6x7=494, having a realistic understanding of the function of state broadcasters automatically makes one a disciple of some other organisation? Perhaps you should re-evaluate your cognisance.

      2. Ole Juul

        Re: BBC in the dark ages

        Please feel free to ask them why

        But dont expect a quick reply

        Rupert Bear?

      3. Detective Emil

        Re: BBC in the dark ages

        If you fix your browser to tell the BBC It's an iPad, videos play fine. The user agent string you need is

        Mozilla/5.0 (iPad; CPU OS 8_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B410 Safari/600.1.4

        1. Anonymous Coward
          Anonymous Coward

          Re: BBC in the dark ages

          Why is it so difficult for the bbc to detect flash is not available, and serve html5,

          obviously very difficult

          Pathetic.

    3. Adam 52 Silver badge

      Have you managed to make YouTube work?

      1. Mark 85

        Youtube works fine for me with IE10 or Firefox and no Flash. It was sanitized quite some time ago.

    4. thames
      Happy

      I stopped installing Flash on my own PC years ago, at least a decade. I don't miss it. A lot of web sites simply detect if you don't have Flash and use a different format. For the very, very, few that don't, there's nothing in Flash on those sites that I would care about anyway.

      Before Youtube switched to not using it (it was phased out slowly), I used to use a video downloader program to simply download the videos and play them locally instead of in the browser. It's been a while since I've had to do that though.

      The positive side of this was that I've seen nothing of the Flash ads that everyone is always complaining about. I've had 90% of the benefit of ad blocking without having to block ads. The negative side of the anti-Flash campaign is that a very small number of ad vendors have started using HTML5 to do the sort of annoying ads that they typically use Flash for. When the ad vendors drop Flash, I will be very sad indeed. I hope that browser vendors will take this into account and give people the opportunity to block third-party animations and video without having to block "normal" ads.

      1. Anonymous Coward
        Anonymous Coward

        If *ALL* the browsers weren't pwned by the ad slingers, it'd be possible to individually filter *EVERYTHING* on a first/second/third party basis ("first" being local):

        • plugins
        • frames
        • images
        • canvas
        • cookies
        • scripts
        • EVERYTHING...

  5. This post has been deleted by its author

  6. This post has been deleted by its author

  7. Anonymous Coward
    Anonymous Coward

    So they fixed a lot of holes..

    .. but they MUST be introducing new ones as they go along or this would have become less and less of an issue. I have no idea what the hell these people do, but as far as I can tell they have no business writing consumer software. Unless, of course, they're having a deal with one of those shady agencies to wilfully be a source of vulnerabilities - after all, profit is profit.

    My pet hate is the downloading installer. It means your anti-virus is checking an executable that is not actually the one that is eventually installed. I *seriously* dislike that.

    1. steamnut

      Re: So they fixed a lot of holes..

      And let's not forget the extra anti-virus payload that you get if you forget to untick the box. It's about time theses defaults were stopped. If you already have Avast/AVG then McAfee is the last thing you want to add..

      1. John Hughes

        Re: So they fixed a lot of holes..

        I̶f̶ ̶y̶o̶u̶ ̶a̶l̶r̶e̶a̶d̶y̶ ̶h̶a̶v̶e̶ ̶A̶v̶a̶s̶t̶/̶A̶V̶G̶ ̶t̶h̶e̶n̶ McAfee is the last thing you want to add.

  8. Anonymous Coward
    Anonymous Coward

    User base is still huge...

    Can you suggest non-Flash alternatives for..

    1. Virgin Anywhere..?

    2. BBC iPlayer & Live TV? Telling it you have an iPad shoves lower resolution video at your browser :(

  9. Iain 14
    Facepalm

    Another update due soon?

    Surprised it hasn't been mentioned yet, but the the Flash Player update that has just been forced on Windows 8.1 and 10 running IE 10 and 11 is the debug version of 18.0.0.232.

    The Adobe help forums are already full of puzzled users wondering why they're suddenly being deluged with alert boxes. Expect a Windows update to follow soon...

    1. Iain 14

      Re: Another update due soon?

      ...And sure enough, the latest updates have fixed it. IE is now running the standard (i.e. non-debug) version of 18.0.0.232....

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like