Posted on 10/15/2015 11:34:56 AM PDT by dayglored
Yet another bad new Zero-Day (already exploited) Adobe Flash vulnerability.
Time to uninstall Flash from all your computers and keep it off for good!
To remove Flash from Windows:
Ref.:
ping
I just now visited Adobe's site: https://get.adobe.com/flashplayer/ with my Windows 7 and Firefox, and they are offering only the vulnerable 19.0.0.207 version.
Pray tell, where did they release .209 to, if not their own website? What OS and browser are you running, to see .209?
The .209 download is on the Adobe Labs Downloads site.
Arrow down to the Flash Player 19 Beta and select the appropriate version(s).
http://labs.adobe.com/downloads/flashplayer.html
> Announcement: We are moving to a rapid beta release cycle using "Background Update". We encourage you to subscribe so you can get the latest and the greatest Flash Player without a single mouse click.
Like I or any other sane user are going to allow Adobe to silently install beta versions of Flash Player into my computer without my approval and explicit authorization each time?
Seriously? I mean no offense to -you- of course, just sayin', Adobe does not have the complete trust of any sane person at present.
In any case, I don't think I can in good conscience tell my fellow FReepers to download quick-turn beta-grade software from Adobe. I'll stick with "uninstall Flash until further notice" and wait for Adobe to make a formal release on their regular page.
Nobody I know needs Flash that bad that they'd run a beta version today.
And I note Adobe has the usual disclaimer about not using betas on anything that actually matters (production or other mission critical systems). Most folks on FR are using their only computer, so it is sort of their "production" system. Hence my caution.
I also find it slightly annoying that they discontinued Linux work back at version 11.2 since I prefer using Linux for browsing to sites that might contain Windows-specific malware. Oh well.
To be completely candid, I don’t know if I’d run a Beta version right now from ANYBODY without a ton of crosschecking and consideration.
....and Adobe????
Don’t make me laugh. I’m not real certain that bunch could even spell “security” correctly more than once every six or seven stabs at the deal.
Rapid release has killed a lot of Firefox.
Many developers of extensions/add-ons quit updating because it was too much.
Rapid release must have something to do with job security, because such releases cause more problems than they resolve. Firefox comes out with a new release. Within a week or so, they come out with .1 update. Then, .2 update. Then a new release.
Yep, and I don't blame them.
> Rapid release must have something to do with job security,...
I'd bet it has to do with the increasing pressure from the malware/exploit community and malicious state-sponsored actors who crave to use vulnerabilities for financial or espionage purposes. This latest Flash vuln has been used for espionage against our own government.
So in that kind of environment, rapid release of patches makes sense -- fix every flaw as it appears because time is of the essence.
But it doesn't IMO require new major version numbering. That's nuts, and my god, Firefox is at version 40-something now? WTF.
I kind of hope that MS Win10's Edge sets a precedent with regard to "No Plugins". It'll kill off a lot of developers, which saddens me, but it'll hopefully improve stability and security enough to compensate for the loss of add-on functionality.
If you want on or off the Mac Ping List, Freepmail me.
I’m using chrome on Linux Mint.
From google’s support page, it instructs you to do this:
Turn specific plugins on and off
You can turn certain plugins on and off at any time.
On your computer, open Chrome.
In the address bar at the top, type chrome://plugins/ and press Enter.
Next to the plugin you'd like to use or turn off, click Enable or Disable.
Note: When you visit a page with a plugin that's turned off, you'll see a message that says the plugin has been disabled instead of seeing the video or audio that's on the page.
Easy as pie, the built in support for flash is disabled.
It remains to be seen how many pages complain about it being disabled.
Thanks- complying immediately!
So I can uninstall Silverlight also, with no repercussions?
Yes. Unless you've got a mission critical application that requires it, you can uninstall it and not look back. According to its Wikipedia page:
> Microsoft announced the end of life of Silverlight 5 [the most current version] in 2012. In 2013, Microsoft announced that they had ceased development of Silverlight except for patches and bugfixes. Silverlight is no longer supported in Chrome on OS X, while support for Silverlight in Chrome on all other operating systems was disabled by default in April 2015 and was removed completely in September 2015. Microsoft has set the support end date for Silverlight 5 to be October 2021. In 2015, Microsoft announced that since support for ActiveX was discontinued with Microsoft Edge, Silverlight will not be supported in that browser.
I'd say you're safe. Not only has there been no reason for developers to write for it for many years, the fact that Windows 10 Edge does not support it is the death knell.
So, I downloaded Flash and am halfway thru the course. Guess I'll hurry up and finish (and surf nowhere else but FR). Then I'll decide if it is worth the risk of having the wife take the same course --before I again purge FlashCrap from my system... :-(
Thanks, it will be uninstalled ASAP.
http://arstechnica.com/security/2015/10/new-zero-day-exploit-hits-fully-patched-adobe-flash/
Dang it!
Adobe Security Bulletin
Security Advisory for Adobe Flash Player
Release date: October 14, 2015
Last updated: October 15, 2015
Vulnerability identifier: APSA15-05
CVE number: CVE-2015-7645
Platforms: Windows, Macintosh and Linux
Summary
A critical vulnerability (CVE-2015-7645) has been identified in Adobe Flash Player 19.0.0.207 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe is aware of a report that an exploit for this vulnerability is being used in limited, targeted attacks.
UPDATE: Adobe expects updates to be available as early as October 16.
Affected software versions
Adobe Flash Player 19.0.0.207 and earlier versions for Windows and Macintosh
Adobe Flash Player Extended Support Release version 18.0.0.252 and earlier 18.x versions
Adobe Flash Player 11.2.202.535 and earlier 11.x versions for Linux
To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select “About Adobe (or Macromedia) Flash Player” from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
Severity ratings
Adobe categorizes this as a critical vulnerability.
Oh dear. Yeah, E-card animations and games are the last holdouts of Flash, other than obnoxious ads.
Well, perhaps you can convince yourself away from the cards with this charming (not!) Facebook page:
https://www.facebook.com/IHateJacquieLawson (Slight rude language caution)