Adobe Confirms Major New Flash Vulnerability Affecting All Versions; Only Uninstall Protects Users

[dgstorm]

Can we just kill off this crappy software for good? Another major vulnerability has been found in Adobe Flash player, and confirmed by Adobe themselves. This latest problem actually affects all versions of Adobe Flash, across all Flash platforms (Windows, Mac and Linux). This new exploit can cause a system crash and potentially allow an attacker to take control of the affected system.

Adobe shared that they hope to have a fix for the vulnerability next week. What's even more egregious about this latest Flash security problem is that the only way to 100% protect yourself is to literally uninstall Flash Player from your system. Just... stupid.

Trend Micro were the first to find the vulnerability and report it. Here's a quote from them with more of the details,

In this most recent campaign, Pawn Storm targeted several foreign affairs ministries from around the globe. The targets received spear phishing e-mails that contained links leading to the exploit. The emails and URLs were crafted to appear like they lead to information about current events, with the email subjects containing the following topics:

“Suicide car bomb targets NATO troop convoy Kabul”

“Syrian troops make gains as Putin defends air strikes”

“Israel launches airstrikes on targets in Gaza”

“Russia warns of response to reported US nuke buildup in Turkey, Europe”

“US military reports 75 US-trained rebels return Syria”

It’s worth noting that the URLs hosting the new Flash zero-day exploit are similar to the URLs seen in attacks that targeted North Atlantic Treaty Organization (NATO) members and the White House in April this year.

Source: Trend Micro

 

[Dusty]

Good bye Flash. You had a good run, though.

I bumped flash off of all of my professional/personal sites a while ago HTML5 is MUCH better. It was a ridiculous pain in the rear to create Flash content anyway, I didn't like it at all.

 

[xeene]

Never had problems with flash. A lot of sites still use it, so I'm keeping it installed on all platforms. Chance of me getting a flash virus vs stumbling on a flash content that I need on the net is like hitting a mega millions jack pot. I think I'm safe.

 

[Vepaot]

Flash is like the Internet's version of gasoline. We all know we shouldn't be using it and there are better methods out there to achieve the same goal, but it's still around and people continue to use it regardless.

 

[akhenax]

Just uninstalled it on my PC. There, problem solved.

 

[Dusty]

If you use Chrome browser you can also install the FlashBlock plug-in. It disables Flash on a webpage and only shows an icon in its place. If you select the icon THEN it will allow that specific instance of Flash to run.

 

[liftedplane]

Flash is like the Internet's version of gasoline. We all know we shouldn't be using it and there are better methods out there to achieve the same goal, but it's still around and people continue to use it regardless.

exactly, and there are so many legacy sites and games that will NEVER use anything but flash... there has to be a solution, a built in flash emulator for those or something.

 

[dgstorm]

exactly, and there are so many legacy sites and games that will NEVER use anything but flash... there has to be a solution, a built in flash emulator for those or something.

Those sites need to step-up and recode their software with HTML5. I don't see any other solution besides that. Flash just needs to be eradicated from the Internet completely.

 

[dgstorm]

It looks like Adobe worked quickly to nail down the issue. They apparently already have fixed the vulnerability.

Source: ADOBE (1), (2)

 

[liftedplane]

Those sites need to step-up and recode their software with HTML5. I don't see any other solution besides that. Flash just needs to be eradicated from the Internet completely.

you completely miss the point, old flash games can't simple be switched to html5, they have to be completely rewritten. most of these old flash game sites support html 5 but the games themselves need to be preserved in some way. that's what I'm saying.

maybe something server side that allows flash games to be ran sans flash.
I read a very poignant article about just this earlier I'll post when I find it.

 

[liftedplane]

here's the article, it's from kotaku

The Death Of Adobe Flash Is Coming, And Game Developers Are Worried

 

[Dusty]

Being a platform for aging games is hardly an argument for cherishing flash. I'd sacrifice all of those games in a... split second... for a better web experience over all. I was in flash's corner for a long time because I had invested so much time in learning it, but after learning HTML5 (still have a long way to go before being really good though), flash can beat feet.

 

[liftedplane]

Being a platform for aging games is hardly an argument for cherishing flash. I'd sacrifice all of those games in a... split second... for a better web experience over all. I was in flash's corner for a long time because I had invested so much time in learning it, but after learning HTML5 (still have a long way to go before being really good though), flash can beat feet.

I feel like some people don't fully read comments.

I'm not a proponent of flash, it crashes, it's aged, it is an absolute pain in the ass.

HOWEVER we still need to find a way to preserve it. There's SO much out there that should be preserved. I'm talking about a solution for that... something server-side that maybe streams the content and allows it to play while not actually being flash on your PC. Kill flash for consumers but find a way to make it backwards compatible with html5

 

[Dusty]

I feel like some people don't fully read comments.

Sorry about that, I probably only read it with half of my brain turned on. That was written after doing stuff for work for 36+ hours with an hour and a half of sleep tossed in somewhere.

 

[UrbanBounca]

I don't mind Flash. There are vulnerabilities in every piece of software, but Flash has been getting the brunt of it recently because there is a much less developed alternative. If you are scared of being targeted, get rid of it. However, I've had it, and still use it daily, and never had an issue. The chance of you being targeted and attacked is still much too low for me to care.