Vulnerabilities w/Adobe

Just keeps on piling on
Now I get a message warning that Adobe Flash has security vulnerablities.
Whiskey Tango Foxtrot!
I gotta have it to run certain programs, but it has security problems?
Give me a break!
Sarge

 

Yeah, Firefox 39.0 has decided to disable Flash by default. Why Flash is suddenly such a problem it now has to be disabled only the FF authors know. rolleyes But you can click Allow and Remember - you only have to do that once.

 

I've had to click "Allow and Remember" for every site I've gone to that uses Flash in FF 39 (even MG's!). But, as you say, I've only had to do that once with each site.

 

http://www.majorgeeks.com/news/story/security_alert_for_adobe_is_a_phishing_scam.html

https://addons.mozilla.org/en-US/firefox/blocked/p946

https://helpx.adobe.com/security/products/flash-player/apsa15-04.html

As far as I recall, there's due to be an updated version of Flash released, hopefully, today. It'll be the 3rd emergency patched version in ~4 weeks?

FB are pushing for it to get dumped: https://twitter.com/alexstamos/status/620306643360706561

EDIT: .209 is up: http://www.majorgeeks.com/files/details/adobe_flash_player.html

 

Amazing!
Flash Player was created 19 years ago by Macromedia.
Adobe, current owner of Flash Player, has no shortage of finances and programmers.

What The :*** is going on?

 

Hey guys...

Something I have been thinking about in the defense of Flash. As far as I am concerned, it is the better video renderer in comparison to HTML5, and I hope they can get something done about securing PCs that run Flash. It's a good video player I feel.

The thing is that I think securing Flash based media should partly be on OS makers, or at least OS makers in partnership with Adobe. As Eldon mentioned, Flash has been around for 18 years, and for most of that the basically only option for online video. Yet, how much money has Adobe profited from carrying the weight of Flash through the years? I doubt really very much compared to the number of machines running the program.

So what's one of the first thing that we have all had to do when we get a new PC or reinstall Windows? Install Flash. Why do we have to do this? MS could have stepped up and paid $2 a copy for it to be included in Windows. Sometimes, I just cannot figure out why this type of thing doesn't happen.

This is one of a small number of programs that I feel MS should have been paying to have included on every PC out of the box. Cooperation would fix the Flash problem over night...and a little money in Adobe's pockets wouldn't be such a bad thing for such a good video player. Anyway, HTML5 video tears imo and even the sound quality seems lower to me.

Losing Flash will mean to me losing the internet. It doesn't matter what Facebook has to say, I just feel it's time for these companies to step up and cooperate. If they don't see it my way, I will just find something else to do with the time I spend on computers now...

 

plodr...

Thanks for the information.

I feel that this is part of a bigger issue of internet security. Securing Flash player is important, but also there is the issue of wayward internet connections from advertisers (should never be the case imo) and also from developers and even Microsoft and high profile OS and software makers.

When I look at the best security programs on the market, I am struck by the limitations of current methodologies for managing internet connections. I mean, if someone is going to get data off of a machine, it will almost always be through a connection port. After thinking things through over the last several years, I am convinced that the entire system needs to be overhauled. MS (and Apple and the others) connections should be clearly identifyable (I mean when MS is connected user knows about the connection and why it's happening) and the information being passed to MS should be clearly identifyable and verifyable. MS and the other OS makers should be a glass house when it comes to information gathering. This would be a big start toward general internet security...forcing Microsoft to be completely transparent when it comes to their connections.

As for the rest, the only thing I can see that would fix net security problems is some form of 100% disclosure and certification for IP addresses and web domains. Some form of domain range identification that places a domain into a category as, say, a third party program update IP or an OS update IP would help security software developers very much to be able to identify potentially dangerous connections. If connections could then be automatically blocked (like private connections) that fall outside of secure connection IP ranges for doing business (or that fall outside of ranges set by a user through their security software), maybe then the real discussion on security could begin.

For now, the internet is basically not secure I feel. Probably going to take some government regulation (around the world too, so cooperation) to get this done (or something like this). At least some of the candidates are talking about electronics security issues. Maybe it's a sign of good things coming.

For me, the rest of the discussion is just like emptying a can gasoline into lake Michigan to try to create a lake of fire. It just seems like a waste of time for us to expect Adobe or any other one company to be able to get this job done. Good work by security programmers is great, but I think this is going to have to be resolved at a higher level of action...

 

Interestingly enough is the fact that every month for some time now Windows 8.1 has had a security update for Flash Player (at least for IE 11). See att'd