Adobe acknowledges critical remote vulnerability in Flash, exploits already in the wild

AppleInsider ^ | Sunday, January 25, 2015 | By AppleInsider Staff

[Steely Tom]

Oh great. Another eleven or twelve “updates” of Adobe flash I have to install, with an attendant eleven or twelve times Adobe tries to slip Chrome past me.

[Swordmaker]

Adobe announces an update to Adobe FLASH. . . fixes a vulnerability which can allow a REMOTE hacker to take over both Windows 8.1 and Apple Mac OS X computer. . . for which there are ACTIVE Exploits in the wild for Windows computers! So far, no one has seen any exploits for OS X, but that does not mean they are not possible!

Users of both platforms should UPDATE or DELETE ADOBE FLASH IMMEDIATELY! — PING!

Apple OS X AND Microsoft Windows 8.1 SECURITY Ping!

If you want on or off the Mac Ping List, Freepmail me.

[Swordmaker]

Important. Ping Windows users to this thread, Coad.

[enduserindy]

I removed flash a few major exploit announcements ago. I haven’t missed it.

[Swordmaker]

Got an assignment for you guys.... this is important. FLASH has a big hole in it and we need to get Windows users to either update it or delete it! Can you guys ping windows users to this thread?

[Swordmaker]

Hey, Guys. . . I need to ask you a favor. . . It seems that Adobe announced early Sunday morning that Adobe FLASH has a huge vulnerability that allows a remote hacker to take complete control over both Windows 8.1 or Apple OS X . . . and there are already EXPLOITS out there in the wild for Windows, but not for OS X, yet. But we need to get the word out to WINDWS and MAC users to either DELETE FLASH or UPDATE it immediately. . . Can you please ping any Windows users you know to this thread so they can get the straight info? Thanks!

[Reno89519]

Adobe isn’t rushing out to get people to update so I’d suggest holding off on the world-is-ending hype. This is all pretty stupid. As another writer says, this only leads to multiple updates, slipped in 3rd party installs, etc.

Further, the info and links are suspect or dated. As I use Adobe Connect for my business, I checked my Flash install—I already have a newer version than any referenced. Best course of action is to simply set for automatic updates and relax. Might not address everything, but sure beats the world-is-ending hype.

[Swordmaker]

Adobe isn’t rushing out to get people to update so I’d suggest holding off on the world-is-ending hype. This is all pretty stupid. As another writer says, this only leads to multiple updates, slipped in 3rd party installs, etc.

Adobe always runs under the radar with the updates. . . and leaves people hanging in the wind. There are exploits in the wild. Many people have turned off their auto-updates. I think it is better that users be aware there is a problem with their FLASH player then ignorantly continue as they are. That's why I put "DELETE" in the announcement. They can do as they choose. It's posted. Freepers can do as they choose. . . as can you. In my opinion, it is not HYPE.

[jonatron]

Anyone who wants to find out what version of Adobe is on the computer they are using can go here:
http://helpx.adobe.com/flash-player/kb/installation-problems-flash-player-windows.html

[CaptainK]

How would I go about deleting it? I’m not that computer tech savvy.

[Swordmaker]

How would I go about deleting it? I’m not that computer tech savvy.

Adobe doesn't play by the rules Apple has established. To properly get rid of Adobe Flash Player you need to download the appropriate uninstaller for your version on OS X and run it.

[CaptainK]

I’m looking at a site called Softpedia where it says I can download an Adobe Flash Player Uninstaller 16.0.0.287.

Is that what you mean?

[Kirkwood]

Assuming this isn’t just a rumor, the upgrade isn’t available yet from Adobe.

[TChad]

At this writing Adobe is still pushing Flash 16.0.0.287 for Windows 7 and 16.0.0.257 for Vista from the "Get Adobe Flash" link, http://get.adobe.com/flashplayer/. Mozilla plugin check (https://www.mozilla.org/en-US/plugincheck/) reports both versions as up to date.

[TChad]

Apparently Flash for Windows started automatically installing the patch on January 24 if auto-updates are enabled.

A manual download with the patch will be available this week, meaning that those of us who don't use auto-update will be at risk.

Thanks heaps, Adobe. You've done it again!

[Swordmaker]

No, go directly to Adobe.com for any Adobe downloads. NEVER under any circumstances ever download an Adobe download from any other source. . . especially one from an email or a pop-up. That’s the way malware can get on your computer.

[Swordmaker]

Thanks heaps, Adobe. You've done it again!

DAMN. My point exactly. Adobe is famous for leaving people waving gently in the wind. . .

[Fresh Wind]

Excellent advice.

Even if you go to the A-dope-y website, by installing the update you always get an extra bonus payload, some sort of useless security scan software from McAfee, and there’s no way I’ve found to opt out of it. I have to delete it every time. Grrr.

I don’t know if they do that to Apple users, but I wouldn’t put it past them.

Thank you for posting this thread.

[moose07]

Your presence has been requested in the Drawing room....
ADOBIE has dropped another one.