back to article Trouble comes in threes: Yet ANOTHER Flash 0-day vuln patch looming

Adobe plans to patch Flash yet again after yet another zero-day vulnerability in the web video software leaves PCs prone to hijacking. The PSA15-02 security advisory details a security hole that hackers are already exploiting to compromise vulnerable systems. An upcoming update to squash the critical bug makes it three …

  1. Binnacle
    Thumb Down

    Flash be gone!

    After the last two 0-days, I read with joy that

    YouTube has tipped the balance away from

    Flash and to HTML5. Installed Firefox 36 beta,

    *uninstalled* Flash from *every* system, and

    disabled IE-bundled Flash in the group policy

    for good measure.

    Time for everyone to uninstall this vermin

    infested corpse!

    1. Anonymous Coward
      Anonymous Coward

      Re: Adobe be gone!

      FTFY.

    2. Anonymous Coward
      Anonymous Coward

      Re: Flash be gone!

      Steve Jobs was on the right track banning Flash from the iPhone.

      I wish that Google had done the same with Android then far more users would experience life without Flash.

      Even the windows 10 preview comes with this piece of shite embedded.

      Begone I tell ye, begone.

      Adobe should announce a retirement date for it. Say 90 days. Then consign it to the bitbucket in the sky.

      1. Charlie Clark Silver badge
        Thumb Down

        Re: Flash be gone!

        Jobs used security as excuse. The ban was all about making sure people would only rent videos from the app store using Apple's DRM system.

        1. Mark 85

          Re: Flash be gone!

          You are correct but the result is that the iThingies don't have Flash and all that comes with it.

          1. Anonymous Coward
            Anonymous Coward

            @Charlie Clark

            Really? That must be why the iPhone wasn't one of the first to support HTML5 video. Oh wait...

            1. Charlie Clark Silver badge

              Re: @Charlie Clark

              That must be why the iPhone wasn't one of the first to support HTML5 video.

              It's arguable that the Apple's products still don't properly support HTML5 as they only support one codec and container format. When writing the HTML you have to take Apple's idiosyncrasies into account and put its favoured formats first otherwise it won't work. The support in the browser was a side-effect of the implementation in I-Tunes. I'm not saying that browsers aren't better off without plugins like Flash, and I'm pretty glad Apple used its muscle to encourage others to change, but their motivation was mainly anti-competitive.

              Remember the trailer for some product launch or other a couple of years ago that Apple implemented as a series of JPEGs controlled by Javascript? And have you seen how few other HTML5 bits have been adopted by Apple? Especially since Google forked WebKit? Now that it has its walled garden* Apple is no longer interested in developing the web.

              * Something that millions are people are happy with.

  2. Gotno iShit Wantno iShit

    Uninstalled

    This is officially my toys out of pram moment with Flash. I am sick of unselecting crapware, selecting bloody notify only, closing tabs before the sodding 'you may also be interested in' adverts appear and all the rest of the shit. I only still have it because TomTom insist on it. Poke it Adobe. Poke it TomTom if you don't get rid on Flash before my next renewal.

    And, breathe.

    1. Dan 55 Silver badge

      Re: Uninstalled

      Click-to-play might help your blood pressure, or disable it completely in the browser but keep it installed for TomTom.

  3. Nick Ryan Silver badge

    bbc.co.uk

    Are you paying attention? Please, please, get rid of the useless and annoying reliance on Flash for video.

    It's the only reason I might use flash other than the odd backwards site "requiring" it for multiple file uploads.

    1. This post has been deleted by its author

    2. vagabondo

      Re: bbc.co.uk

      Chromium + Pepper-flash + AdBlock + Ghostery + ScriptBlock

      Works for me with iPlayer and STVplayer, etc.

      1. Nick Ryan Silver badge

        Re: bbc.co.uk

        It's not so much iPlayer, it's all of the videos on their website. They all seem to "require" flash for some very annoying reason.

        1. Charlie Clark Silver badge

          Re: bbc.co.uk

          It's not so much iPlayer, it's all of the videos on their website. They all seem to "require" flash for some very annoying reason.

          And that reason is called DRM and is required by the licence holders. For many things it's that or no video.

          For some platforms there is something called the BBC Media Player which presumably handles the DRM instead of Flash or Silverlight.

          1. Anonymous Coward
            Anonymous Coward

            Re: bbc.co.uk

            BBC Media Player on Android uses Adobe AIR. AKA Flash. Because it works.

  4. Chas
    Unhappy

    The govt's Learn My Way website, which people can use to learn how to drive a computer at their own pace. heavily relies on F***h. Until this kind of interactivity is completely rewritten, the abomination known as F***h will continue to exist.

    Arse!

  5. Anonymous Coward
    Anonymous Coward

    Oh come on everyone..

    it's only a little download. Lets keep calm and carry on. I mean, it's not as if you have to cut off a body part everytime you have to patch is it?:*)

    1. Destroy All Monsters Silver badge

      Re: Oh come on everyone..

      It's just a flashwound! Oh, oh, I see! Uninstalling me, eh? You yellow bastards!

  6. Steve Loughran

    uninstall it -and hope chrome keeps up to date

    As google chrome builds flash in, if you have chrome, you have to rely on google to keep it up date.

    and if you do have chrome installed, then every other browser you have are just going to have to learn that flash is uninstalled. Just do it! One walk round a house cutting it from 3 laptops and 2 desktops and my life is better. I don't have to worry about these 0-days, just despair at Adobe's eternal insecurity.

    1. Binnacle

      Re: uninstall it -and hope chrome keeps up to date

      Chrome has a superior "PepperFlash" sandbox (Google strong-armed Adobe into supporting it) that has prevented the recent 0-days from breaking out of the browser process. Worst case is a temporary infection of a padded cell with no access to anything. An occasional browser restart will vanish any that might get so far.

      Flash is integrated into IE 10 and IE 11 (where M$'s lame sandbox has prevented nothing). Search on "group policy disable flash" for a procedure that absolutely prevents Flash from running in IE. I prefer simply setting "Deny all add-ons unless specifically allowed. . ."

      1. Anonymous Coward
        Anonymous Coward

        Re: uninstall it -and hope chrome keeps up to date

        "Chrome has a superior "PepperFlash" sandbox (Google strong-armed Adobe into supporting it) that has prevented the recent 0-days from breaking out of the browser process."

        Have you seen how many security holes Chrome itself has had though? Way more than IE + Flash put together.

    2. Binnacle

      Re: uninstall it -and hope chrome keeps up to date

      I once ran Chrome in lieu of IE when Firefox had trouble rendering a site, but lately have not required it. For Chrome users who loath Flash despite the PepperFlash sandbox, it can be disabled in the "about:plugins" or "chrome://plugins" page.

  7. Glenn 6

    Webmasters: PLEASE STOP REQUIRING FLASH! I do not want Flash on my workstations but I have to because there are sites staff need that require stupid Flash.

    Tell your marketing boneheads who want pretty animations that there are other ways to do it.

  8. GreggS

    Flash

    AAAAAAAAHHHHHHH!

    1. Destroy All Monsters Silver badge

      Re: Flash

      Orifice of the universe!

      1. 's water music

        Re: Flash

        Dispatch war rocket Ajax. You know why.

  9. Andy Non Silver badge
    FAIL

    Thanks for the heads up El Reg.

    I've removed flash from all my computers. Enough is enough.

  10. David Kelly 2

    Death to FLASH!

    Can't come too soon.

    1. Mark 85

      Re: Death to FLASH!

      I agree. Let's organize a flashmob to surround Adobe HQ while holding rakes, shovels, and torches, while screaming "Kill the monster!!? I opt for Gene Wilder and Peter Boyle to be standing in for Adobe Management and to look down from the ramparts wondering what all the fuss is about.

      1. asdf

        Re: Death to FLASH!

        >Adobe Management and to look down from the ramparts wondering what all the fuss is about.

        Even they have agreed flash is garbage and HTML5 is the way of the future. The HMS Legacy can be a very very large and slow ship that even its captain can't control sadly.

  11. sabroni Silver badge

    Why the dig at IE?

    I got the last flash patch (for IE) as part of Windows Update.

    1. Anonymous Coward
      Anonymous Coward

      Re: Why the dig at IE?

      because it's trendy and hip to do.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like