back to article Criminals exploit zero day Flash vulnerability

Adobe will this week patch a critical vulnerability in Flash Player that is being actively exploited in the wild. Not information is available on the exploit (CVE-2016-4117) ahead of the patch that is set for release from tomorrow. "A critical vulnerability (CVE-2016-4117) exists in Adobe Flash Player 21.0.0.226 and earlier …

  1. Anonymous Coward
    Anonymous Coward

    Which Browser?

    Given that both MS and Google put Flash into their browsers these days, we're kinda left with Firefox as the browser of choice if you want to avoid Flash altogether.

    I don't know if flash being built in is safer; presumably it gets updated more regularly, and maybe sand boxed a bit better. Anyway, I've long since decided to go without Flash altogether.

    Running Firefox without the Flash plug-in is illuminating; there's a few major websites that casually and carelessly use it here and there. The BBC are one such website; some of their videos are flash, whilst most aren't. Why the mixture?!?!

    Surely Flash must die, and die soon.

    1. Michael Thibault

      Re: Which Browser?

      >Surely Flash must die, and die soon.

      And stay dead. That last part is the critical bit.

      1. Mark 85 Silver badge

        Re: Which Browser?

        Let's see... drive a stake through it's heart, sprinkle with garlic and holy water.. Wait that's a vampire.. this thing is more like a zombie. Shoot it in the head, then? All the above?

    2. Tessier-Ashpool

      Re: Which Browser?

      It's easy enough to completely disable Flash in Chrome. Type chrome://plugins. Disable as required.

    3. Gray
      Facepalm

      Re: Which Browser?

      Replaced Firefox with Pale Moon; have no Flash plugin installed. That's the "belt" part. Now, for the "suspenders" there's several "NoFlash" and "FlashKiller" extensions that can be applied. And a software trigger that activates a flashing blue light and a siren above my monitor whenever some intrusive thread attempts to insinuate Flash content into my web content. And a wooden stake, mallet, and garlic powder. And a silver knife.

      Enough? Here's hoping.

      1. Paul Crawford Silver badge
        Gimp

        Re: @Gray

        "Belt & suspenders" has a slightly different meaning this side of the pond!

      2. joed

        Re: Which Browser?

        FireFox or Palemoon have the "click to play" option built in allow Flash as needed (outside certain sites for what it seems). Actually some site (like youtube) will push flash on you for presenting uncommon user agent string (Palemoon).

        BTW, what's the purpose for your suspenders once you've eliminated Flash.

        The silver lining to Flash is how easy it is to block it (while still allowing site's scripts). Try this with html5.

    4. Anonymous Coward
      Anonymous Coward

      Re: Which Browser? - BBC

      It has been brought to their attention, however as with most inefficient monoliths don't hold your breath.

  2. Tchou
    Pint

    "updated Windows, Adobe Flash, and Internet Explorer"

    Wow, that's a decent part of the world!

    ... Grabbing popcorn and wait for the world to collapse (or not.. once again), my FreeBSD desktop can't have Flash...

    1. Voland's right hand Silver badge

      Sure it can

      my FreeBSD desktop can't have Flash

      Sure it can - just run any of the browsers as Linux emulation. Dunno why would one suddenly feel so masochistic to run a Linux version of something that is available in ports, but you never know.

      1. bombastic bob Silver badge

        Re: Sure it can

        there _WAS_ gnash, that used to "sort of" work, but doesn't seem to be keeping up with the moving target aka "standards". So after disabling flash entirely, I don't miss it at all.

  3. jonathan keith
    Mushroom

    Nuke it from orbit.

    It is, after all, the only way to be sure.

  4. Planty Bronze badge

    BBC

    The last company relying on flash. Perhaps it's time to make the BBC liable for losses as a result of flash exploits

    1. Anonymous Coward
      Anonymous Coward

      Re: BBC

      Given the millions of license payers money the BBC wasted on the Digital Media Initiative and is still spending on the "Agile" MyBBC project, it's a disgrace that they couldn't have spent a fraction of those sums and eliminated Flash from their web sites by now.

  5. Anonymous Coward
    Anonymous Coward

    can't resist

    Wasn't Adobe Flash supposed to be one of the early success stories with doing software development on a certain subcontinent?

  6. Innocent-Bystander*

    What?!

    Flash has security problems?

    1. channel extended

      Re: What?!

      Next they'll claim that ads are bad for you!!

  7. Anonymous Coward
    Anonymous Coward

    JUST DIE!! DIE DIE DIE DIE DIE ALREADY GODDAMN IT.

    If for no other reason than it is a constant warning that Adobe software is rubbish. Surely there has to be fallout to the Adobe brand from the never ending "Another hideous bug in Flash" stories.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019