Tag Archives: Adobe Flash

Why Won’t Adobe Flash Die?

Adobe just released another large patch release for Flash that includes 19 patches.  One of the patches is for a zero day exploit that Adobe says is being exploited in the wild.  This brings the patch total for 2015 to a little over 300.

I made a decision a couple of months ago to disable Flash in Chrome and Firefox, the two browsers that I use, just to see what the impact would be.

First, I like the way Firefox handles it better than Chrome’s handling.  Firefox gives you three options – enable, disable or ask me.  Chrome does not have the last one, so if you disable Flash and you go to a web site that needs it, your experience is that the page seems to hang.  Not very friendly.  In Firefox, you get a link that says  do you want to activate and if you do, do you want to activate it just once or forever.  I really like the friendliness of this approach.

In reality, there have been very few sites that don’t work.  What I really miss is those ads with dancing bears.  NOT!  Those don’t appear.

So my suggestion is to install the update, but set it to not run automatically.

Oh, wait, I forgot.  If you are one of the 12 people that still use Internet Explorer, it appears that you are out of luck.  I’d change browsers.  From Windows 8 on, Microsoft has integrated Flash into IE so there is no way to disable it.  It will get updated by way of Windows update, so at least that is good, but there is no way to protect yourself from zero day attacks.  Just one more reason not to use Internet Explorer.

So, the Flash saga continues.  Until a large percentage of the user base disables Flash, advertisers (and the malware inside the advertising) will continue to use Flash to attempt to infect your computer.  Join the revolution and disable Flash.

To disable Flash in Firefox, open Firefox and type About:addons and select Ask To Activate next to Shockware Flash.

To Disable Flash in Chrome, open Chrome and type Chrome://plugins and uncheck the Flash plugin

To see what version of Flash you have installed, go to http://www.Adobe.com/software/Flash/About .

Information for this post came from KrebsOnSecurity.

Firefox Nukes Adobe Flash

As the  fallout of the Hacking Team breach (see post) continues, the Mozilla Foundation is taking the bull by the horns.  Right now there are at least two Flash zero day vulnerabilities that Adobe has not patched.  As people continue to go through the Hacking Team data dump, we may find more.

As a result, The Mozilla Foundation has opted to block all versions of Flash, in all versions of Firefox, on all platforms.

If you go to a web site that uses Flash, including ads, this is what you will see:

adobe notThe Mozilla Foundation has not decided what conditions are required to unblock Flash.

Not only does this impact sites – like CNN – that use flash for content, but also the huge number of ads that are Flash based.

Users can click on the link in the middle of the page to allow the content, but I would expect that few users will do that.

To add to Adobe’s woes, Facebook called for Adobe to End-of-Life Flash.

From a user standpoint, users should expect web sites to load faster as all the Flash content no longer has to be downloaded.

If the zero days continue to appear, Adobe will be between a rock and a hard place.  Flash has tried to be all things to all people – doing insane things under the covers – which has turned it into a security nightmare.

Personally, I was planning on disabling Flash until all this settles down.  The Mozilla Foundation did it for me.

Stay tuned.

 

Adobe Flash – The Gift That Keeps On Giving

UPDATE:  As expected, Adobe did release a second patch emergency patch for this bug and expects it to be available for download this week.  Adobe has said that there are reports of vulnerability being “actively exploited”.

You can check what version of Flash you are running by going to this link at Adobe.com .

Adobe Flash – the software that Steve Jobs hated so much that he wouldn’t allow it on mobile i-devices and said, about Flash, that it had abysmal security – has another exploit in the wild.  The reason for Jobs’ hatred of Flash is controversial (see here) and maybe due to the fact that he could not control Adobe and there are many free Flash based games that aren’t sold (since they are free) by Apple.

That being said, there is another zero day exploit (see here) for which there is a “kit” available to use the exploit.

Right now, the target seems to be Windows and Internet Explorer (yet another reason not to use IE), but the bug also exists in the Mac and Linux version of Flash. Windows Chrome and Firefox users are safer, but should update anyway.

Worse yet, the patch that Adobe released may not fix the problem – or the problem may really be two problems.  In any case, get ready for a second patch soon.

The fact that there is an exploit kit that hackers can use without having to develop it, means it will show up sooner in a hacked web site near you.

The new version of Flash is available at get.adobe.com/flashplayer.

Mitch