Posted on 01/25/2015 9:08:43 PM PST by Swordmaker
Adobe on Saturday released an updated version of its Flash player software that patches an undisclosed vulnerability which could allow remote attackers to take control of Macs or PCs, urging users to update as the problem is being actively exploited by malicious actors.
Flash versions up to and including 16.0.0.287 on OS X and Windows and 11.2.202.438 on Linux are susceptible to the attack, the cause of which has yet to be detailed. Mac users with Adobe's automatic update feature enabled should begin receiving updates to version 16.0.0.296 immediately, and the company is preparing a standalone patch for manual installation to be released this week. Adobe is also working with Google to update the embedded version of Flash included in the Chrome browser.
The vulnerability which has been assigned CVE number 2015-0311 is "being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below," Adobe said in a security advisory. A "drive-by-download" attack is one in which software is downloaded to a user's computer without their knowledge or explicit consent.
Adobe defines CVE-2015-0311 as "critical," meaning a "vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware."
Users can check the version of Flash installed on their system by visiting Adobe's About Flash Player page or right-clicking on Flash content in their browser and choosing "About Adobe (or Macromedia) Flash Player" from the contextual menu. Instructions for enabling automatic updates or manually updating Flash can be found here.
Oh great. Another eleven or twelve “updates” of Adobe flash I have to install, with an attendant eleven or twelve times Adobe tries to slip Chrome past me.
If you want on or off the Mac Ping List, Freepmail me.
Important. Ping Windows users to this thread, Coad.
I removed flash a few major exploit announcements ago. I haven’t missed it.
Got an assignment for you guys.... this is important. FLASH has a big hole in it and we need to get Windows users to either update it or delete it! Can you guys ping windows users to this thread?
Hey, Guys. . . I need to ask you a favor. . . It seems that Adobe announced early Sunday morning that Adobe FLASH has a huge vulnerability that allows a remote hacker to take complete control over both Windows 8.1 or Apple OS X . . . and there are already EXPLOITS out there in the wild for Windows, but not for OS X, yet. But we need to get the word out to WINDWS and MAC users to either DELETE FLASH or UPDATE it immediately. . . Can you please ping any Windows users you know to this thread so they can get the straight info? Thanks!
Adobe isn’t rushing out to get people to update so I’d suggest holding off on the world-is-ending hype. This is all pretty stupid. As another writer says, this only leads to multiple updates, slipped in 3rd party installs, etc.
Further, the info and links are suspect or dated. As I use Adobe Connect for my business, I checked my Flash install—I already have a newer version than any referenced. Best course of action is to simply set for automatic updates and relax. Might not address everything, but sure beats the world-is-ending hype.
Adobe always runs under the radar with the updates. . . and leaves people hanging in the wind. There are exploits in the wild. Many people have turned off their auto-updates. I think it is better that users be aware there is a problem with their FLASH player then ignorantly continue as they are. That's why I put "DELETE" in the announcement. They can do as they choose. It's posted. Freepers can do as they choose. . . as can you. In my opinion, it is not HYPE.
How would I go about deleting it? I’m not that computer tech savvy.
Adobe doesn't play by the rules Apple has established. To properly get rid of Adobe Flash Player you need to download the appropriate uninstaller for your version on OS X and run it.
I’m looking at a site called Softpedia where it says I can download an Adobe Flash Player Uninstaller 16.0.0.287.
Is that what you mean?
Assuming this isn’t just a rumor, the upgrade isn’t available yet from Adobe.
A manual download with the patch will be available this week, meaning that those of us who don't use auto-update will be at risk.
Thanks heaps, Adobe. You've done it again!
No, go directly to Adobe.com for any Adobe downloads. NEVER under any circumstances ever download an Adobe download from any other source. . . especially one from an email or a pop-up. That’s the way malware can get on your computer.
DAMN. My point exactly. Adobe is famous for leaving people waving gently in the wind. . .
Excellent advice.
Even if you go to the A-dope-y website, by installing the update you always get an extra bonus payload, some sort of useless security scan software from McAfee, and there’s no way I’ve found to opt out of it. I have to delete it every time. Grrr.
I don’t know if they do that to Apple users, but I wouldn’t put it past them.
Thank you for posting this thread.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.