back to article Adobe rushes out patch for all-platform Flash vuln

Adobe has fixed a potentially serious cross-platform security bug in its Flash Player software with an out-of-sequence security update. A series of patches for different platforms, published on Sunday, tackles a cross-site scripting vulnerability in Flash. Adobe Flash Player version – and earlier across a range of …


This topic is closed for new posts.
  1. Anonymous Coward

    Fecking flash

    how many fecking "updates" do I need in a month. I've lost count of the number of times I have logged into a PC to be greeted with that fecking message about an update being ready.

    Even the not-at-all-PC-aware Mrs has noticed that "This Flash thing always needs updating".

    1. BristolBachelor Gold badge

      Fecking fecking flash

      And just to make it even better, you seem to need administrator rights to update it (at least on IE); Yeah!!!

      Also fecking, why isn't it fecking dead yet? It's lasting longer than fecking SCO group :(

    2. The BigYin

      I see no issue

      Regular updates mean a secure system. The more the better.

      Just let your package manager handle the updates for your OS and installed apps, authenticate once, all done. You don't even need to reboot unless the kernel changes.

      1. peter 45


        "Regular updates mean a secure system. The more the better."

        Let me just correct that for you.

        "Regular updates mean an insecure system. The more updates, the more insecure it is".

        1. The BigYin

          @peter 45

          No system is 100% secure. None. So a system will always starts out with, say W problems. Over time X more are found for any given time period t. So the total number of faults is W + Xt. This number grows with t.

          Fixes, Y, for those problems are released. So the total number of faults is now W + t(X - Y).

          Ah, but wait, those fixes may introduce some other issues, Z, so the total number of faults is W + t(X -Y +Z) where Z is some fraction of Y...say f, so Y is fY

          W + t(X -Y + fY) which si W + t(X -Y(1-f))

          So long as Y(1-f) > Z then a patched system actually gets more secure as time goes on rather than an un-patched one, because more are holes are getting plugged than are being discovered/created.

          Just because Windows makes keeping a system up to date a raging pile of ball-ache does not make a highly patched system a bad thing. So long as those patches fix more problems than they cause.

          1. peter 45

            Load of round dangles

            Cannot fault maths. Assumptions and logic on which maths is based is utter tosh.

            To test the logic, test an extreme example. Plug in numbers for code that contains some vulns, and plug in the numbers for code containing nil vulns. According to your logic, because the perfect code is never patched (which of course it would never need to be), it is the more vulnerable system.

          2. peter 45

            PS Logic break here

            In case you did not spot it.

            "a patched system actually gets more secure as time goes on rather than an un-patched one"

            It itself a true statement, but based on the assumption that you are comparing code with the same (approx) number of vulns at the outset.

      2. Anonymous Coward
        Thumb Down

        Windows :(

        Most people are still using Windows, remember. That means ten or so resource hogging bespoke-written app updaters all starting up and lurking in the system tray, popping up heavily skinned windows at random intervals demanding an update, then proceeding to install Yahoo! toolbar because you missed a checkbox somewhere along the multi-screen update-confirmation-and-license-agreement process. After a couple of reboots (Stage 1/3... stage 2/3... stage 3/3). Or just failing because they they can't write to Program Files like they expect.

    3. xenny


      Use Chrome, and uninstall all the standalone flash players. The Chrome automatic updater is discrete, and you need never worry about flash patching again.

  2. Oninoshiko


    I just got done writing up the package for OpenIndiana, not I have to redo it -_-.

  3. Tim Hale 1


    I built a new PC yesterday, installed Flash and it's already out of date? I appreciate a rapid response to vulnerabilities but can't they just write a decent version? Again, I know things move on and new attacks are coming all the time but seriously, Flash is the swiss cheese of software. They need to get their act together. Of course, as long as people 'rely' on it and it's seen as being vital, they've got little incentive to improve things. Now, if enough people started saying they weren't going to install Flash because of it's shortcomings they might do something.

  4. Anonymous Coward
    Anonymous Coward

    Sources of exploits

    I always thought Flash was the biggest source of exploits too until I saw Microsoft's Security Intelligence Report [1] (Figure 6), which indicates that Java exploits are much more common (by at least an order of magnitude).

    [1] -

    1. Paul Crawford Silver badge

      @Sources of exploits

      Interesting report, but part of me is a trifle suspicious of MS reporting on their own problems. I would be more interested in reading 3rd party assessments.

      I guess the other aspect is there are probably far more PCs with Flash installed than Java, so more targets? Also a favourite has been that other piece of crap, the Adobe Reader & its PDF browser plug-in.

      Back to today's rand - why can't Adobe sort of their software? It must be only a fraction of the code base size of Windows, and yet they make MS look like the golden boy of security by comparison.

  5. Version 1.0 Silver badge


    Maybe this is why the wife's PC has just gotten two fresh copies of Malware Defender in two days? The last one after she opened a page on the Daily Mail ... and I'd only just finished cleaning the Damn thing last night.

    And this on a fully patched version of XP while running the current release of Firefox and SpyBot Defender - all updated last night.

    1. heyrick Silver badge

      Hey, if it weans her off The Mail...

      ...then that's a good thing, right?

      1. Version 1.0 Silver badge

        upgrading wifes web site habits

        She's now reading FARK - I view this as an improvement.

  6. J. R. Hartley Silver badge
    Black Helicopters


    I long for the day when I can uninstall every fucking Adobe program for good.

  7. Anonymous Coward


    come on html5, get yourself in here!!

    1. Anonymous Coward

      Oh really?

      And how many times did you update your browser in the last month or two?

  8. Anonymous Coward
    Anonymous Coward

    Painting the Forth Bridge

    I've just finished updating the 4500 machines I manage, just to find another update.......

    Oh goody.......

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019