Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Linux, Windows, or Mac: You need to patch Adobe Flash
IT World ^ | 09 December 2009 | sjvn

Posted on 12/10/2009 5:56:56 AM PST by ShadowAce

I don't think about Adobe Flash much. I just use it. I think that's the case for most of us. Almost all the video on the Web is in Flash, and we just take it for granted. That's a mistake. Like any other popular application, it can be an easy way for a cracker to hack into your computer.

Take Adobe Flash's latest round of patches. Adobe doesn't say a lot about exactly what it's fixing in its security advisory, but out of the seven security bugs they're fixing, six of the repairs are on problems that "could potentially lead to code execution."

That's a fancy way of saying that they could be used to bust into your PC. Once there, they could install malware, rip off your personal data, and in general make your life a living hell.

Here's how this kind of thing works. A cracker designs a corrupted Flash (SWF) file. This file is then hosted or embedded in a Web page or even hidden inside a PDF (Portable Document Format) file. When you come along, your Adobe Flash Player runs the program instead of showing you the video content you expected. You may even see the video you were expecting.

In the meantime though the automatic attack is busily at work compromising your system. Usually these hidden attacks are made to infect your Windows PC with malware such as the easily defeated Trojan.Pidief.G.

But, and this is important, while Flash attacks are usually used to exploit Windows' many vulnerabilities, these Flash security holes are also in the Linux and Mac OS X versions as well. Sure, they're both safer than Windows, but if you don't patch your Linux and Mac OS X Adobe Flash Players, you're leaving a window of opportunity open for an enterprising hacker, who's counting on you not taking security seriously, to hack into your systems as well.

So, in short, regardless of what operating system you're running, update to the 'safe' version of Flash Player, 10.0.42.34, now. I'd rather be safe than sorry any day.


TOPICS: Computers/Internet
KEYWORDS: adobe; flash; flashplayer; mac; security
Navigation: use the links below to view more comments.
first 1-2021-25 next last

1 posted on 12/10/2009 5:56:58 AM PST by ShadowAce
[ Post Reply | Private Reply | View Replies]

To: rdb3; Calvinist_Dark_Lord; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; JosephW; ...

2 posted on 12/10/2009 5:57:20 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

Ever since I downloaded this latest Flash patch for my Mac book, I have had problems loading several sites that I go to often, WMAL being the worst offender.


3 posted on 12/10/2009 6:33:38 AM PST by La Lydia
[ Post Reply | Private Reply | To 1 | View Replies]

To: La Lydia

What kind of problems? What’s your setup?


4 posted on 12/10/2009 6:42:24 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 3 | View Replies]

To: ShadowAce

When I try to open certain sites, such as the WMAL one, it jumps around and flashes and doesn’t load, as if I were hitting the reload button continuously, although I am not. I did a little snooping around, got onto the site by finding a link that didn’t have any moving graphics, and at one point got a message that said I didn’t have cookies enabled, which is not the case. Anyway, it is annoying. It ticks me off to do something recommend by Apple to make performance better, and it ends up being worse.


5 posted on 12/10/2009 6:46:13 AM PST by La Lydia
[ Post Reply | Private Reply | To 4 | View Replies]

To: ShadowAce
Thanks for posting this. Flash, because it is used so much on websites, is definitely an attack vector that we all need to keep a watch out for. I've got the adobe yum repository set up here, so updates are automagic. For Firefox users, it's a good idea to validate that the plugin you think is being used, is actually the one that is being used. Enter "about:plugins" in your address bar, and take a look at what's there.
6 posted on 12/10/2009 7:15:47 AM PST by zeugma (Proofread a page a day: http://www.pgdp.net/)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

bump to the top


7 posted on 12/10/2009 7:16:16 AM PST by GOPJ (...Journalists are BaghdadBobLite .... Global Warming Scientists are ElmerGantry)
[ Post Reply | Private Reply | To 1 | View Replies]

To: La Lydia; ShadowAce
I just UPDATED to the Flash you suggested at Adobe on two XP boxes. I had NO problems. I was asked to restart Firefox, which I did. I went to the WMAL 630 AM Website and loaded the On Demand Video and had NO problems. Again, this is Windows XP. There have been no problems in Linux.

8 posted on 12/10/2009 7:19:48 AM PST by pyx (Rule#1.The LEFT lies.Rule#2.See Rule#1. IF THE LEFT CONTROLS THE LANGUAGE, IT CONTROLS THE ARGUMENT.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: ShadowAce

Good ol Adobe, always putting in that extra effort to make sure their software is annoying.


9 posted on 12/10/2009 7:21:40 AM PST by discostu (The Bluebird of Happiness long absent from his life, Ned is visited by the Chicken of Depression)
[ Post Reply | Private Reply | To 1 | View Replies]

To: pyx

Yes, but as I stated before, I am on a Mac book and use Safari. Different planet.


10 posted on 12/10/2009 7:47:18 AM PST by La Lydia
[ Post Reply | Private Reply | To 8 | View Replies]

To: Swordmaker

Ping to Swordmaker...


11 posted on 12/10/2009 8:00:05 AM PST by Star Traveler (The God of Abraham, Isaac and Jacob is a Zionist and Jerusalem is the apple of His eye.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

bttt


12 posted on 12/10/2009 8:50:04 AM PST by GOPJ (...Journalists are BaghdadBobLites .... Global Warming Scientists are ElmerGantry)
[ Post Reply | Private Reply | To 2 | View Replies]

To: La Lydia
I'm not a big fan of Flash. What I find (or found, prior to using ad blocker) is that the stupid commercials use flash, and have ten to fifty meg files that bog down web pages and make them unusable.

Flash is a good tool, but so is a hammer. Most Flash programmers are the equivalent of a five year old with a hammer walking around in the Alzheimer's wing of the nursing home.

I find this to be true with many programming technologies. You can do incredibly cool stuff with them, but the first thing that happens is some bozo working for an advertising company asks "Okay, how can we use this technology to annoy the ever loving crap out of everyone?"

13 posted on 12/10/2009 9:00:58 AM PST by Richard Kimball (We're all criminals. They just haven't figured out what some of us have done yet.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: ShadowAce
Help eliminate Adobe's starnglehold. Donate money or your coding skills to The Gnash Project.

Gnash is the GNU SWF movie player, which can be run standalone on a computer or an embedded device, as well as as a plugin for several browsers. It is a part of the GNU Project that aims to create a free software player and browser plugin for the Adobe Flash file format. It developed from the GPLFlash project.

14 posted on 12/10/2009 10:35:56 AM PST by papasmurf
[ Post Reply | Private Reply | To 1 | View Replies]

To: Richard Kimball
I'm not a big fan of Flash. What I find (or found, prior to using ad blocker) is that the stupid commercials use flash, and have ten to fifty meg files that bog down web pages and make them unusable.

Agreed.  Try the Flashblock Firefox extension (If you're using Firefox) It blocks all flash leaving only a little arrow for you to click if you do want to see that particular flash.  Plus you can whitelist sites where you always want flash.  Its a Godsend in these days of hyperanimated web ads. 

15 posted on 12/10/2009 2:14:53 PM PST by MichiganMan (Oprah: Commercial Beef Agriculture=Bad, Commercial Chicken Agriculture=Good...Wait, WTF???)
[ Post Reply | Private Reply | To 13 | View Replies]

To: ShadowAce

16 posted on 12/10/2009 2:55:43 PM PST by JoeProBono (A closed mouth gathers no feet)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ~Kim4VRWC's~; 1234; 50mm; 6SJ7; Abundy; Action-America; acoulterfan; Airwinger; Aliska; altair; ...
Flash! Adobe Flash needs to be updated due to severe ZERO DAY security vulnerability that "could allow execution" of malicious code when a user views a maliciously crafted Flash file—PING!

Supposedly works on Windows, Linux and OS X—but, remember, a vulnerability does not an exploit make.


Nasty Adobe FLASH Vulnerability Ping!

If you want on or off the Mac Ping List, Freepmail me.

17 posted on 12/10/2009 4:05:33 PM PST by Swordmaker (Remember, the proper pronunciation of IE isAAAAIIIIIEEEEEEE!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: MichiganMan; Richard Kimball; La Lydia
Agreed. Try the Flashblock Firefox extension (If you're using Firefox) It blocks all flash leaving only a little arrow for you to click if you do want to see that particular flash.

For those using Safari, there is the ClickToFlash plugin which does the same thing; blocking the flash unless you click on the item. Just quit Safari, run the installer, and it's done.

18 posted on 12/10/2009 4:41:07 PM PST by 6SJ7 (atlasShruggedInd: ON)
[ Post Reply | Private Reply | To 15 | View Replies]

To: papasmurf; ShadowAce

Or just support HTML 5 for video. The only question is whether to use H.264 or Ogg.


19 posted on 12/10/2009 4:43:40 PM PST by antiRepublicrat
[ Post Reply | Private Reply | To 14 | View Replies]

Comment #20 Removed by Moderator


Navigation: use the links below to view more comments.
first 1-2021-25 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson