Posted on 07/12/2015 6:49:06 AM PDT by dayglored
Updated -- Two more serious security holes in Adobe Flash that let miscreants hijack vulnerable computers have emerged from the leaked Hacking Team files, and crooks are apparently already exploiting at least one of them to infect machines.
The use-after-free() programming flaws, for which no patches exist, are identified as CVE-2015-5122 and CVE-2015-5123. They are similar to the CVE-2015-5119 Flash bug patched last week. The 5122 and 5123 bugs let malicious Flash files execute code on victims' computers and install malware. The bugs are present in the Windows, Linux and OS X builds of the plugin.
The 5119, 5122 and 5123 vulnerabilities were documented in stolen copies of files leaked online from spyware maker Hacking Team. The Italian biz's surveillance-ware exploits the vulnerabilities to infect computers, and these monitoring tools are sold to countries including Saudi Arabia, Sudan, Russia and the US.
Everyone with Flash installed should remove or disable the software until the critical security bugs are patched, or at least enable "click to play" in their browsers so that you know exactly what you're running on your system rather than letting websites play malicious Flash files silently in the background without warning or permission.
Critical vulnerabilities (CVE-2015-5122, CVE-2015-5123) have been identified in Adobe Flash Player 18.0.0.204 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.
(Excerpt) Read more at theregister.co.uk ...
I won’t be back on the thread until very late tonight, but I’m sure all y’all can carry on without me. :-)
Bkmrk.
I have had a lot of trouble with Adobe products for years. Any suggestions on video players?
bump
FlashBlock will do the job for you. “Click to Play” is not always reliable since some browsers like Firefox and Chrome will automatically reset the Flash settings when the product is reinstalled/updated.
Thanks for the ping.
Ping!
If you want on or off the Mac Ping List, Freepmail me.
Okay, I’ve put Adobe Flash in the same sh**can as IE and some other forgettable stuff.
Only “bad” thing is that I’ve had to toss out a bunch of games that the g’kids snuck onto my computer and switch to iTunes for some of “my” podcasts (Rush, for example). Otherwise, I’ve downloaded that VLC plugin and would almost swear it improved the look and function of every program on my desktop that I’ve tested so far.
Now, I’m waiting for the announcement that some hacker’s mucking about with ‘Dobe Reader.
That will REALLY get some drawers in knots.
This looks like government-level incompetence.
There have been many such announcements over the years. Here are some numbers from 2014:
http://secunia.com/resources/vulnerability-review/update-top50/
99 security vulnerabilities in Adobe Flash, 43 in Adobe Reader.