New Zero-Day Flash Bug Affects Windows, OS X, and Linux Computers

An anonymous reader writes "Researchers at the Kaspersky Lab have uncovered a zero-day Adobe Flash vulnerability that affects Windows, OS X, and Linux. 'While the exploit Kaspersky observed attacked only computers running Microsoft Windows, the underlying flaw, which is formally categorized as CVE-2014-1776 and resides in a Flash component known as the Pixel Bender, is present in the Adobe application built for OS X and Linux machines as well.' Adobe has reportedly patched the bug for all platforms. Researchers first detected the bug from attacks performed on seven Syrian computers. The attacks seem to have been hosted on the Syrian Ministry of Justice website, which has led to speculation that these are state-sponsored vulnerability exploits. This speculation is further supported by evidence that one of the exploits was 'designed to target computers that have the Cisco Systems MeetingPlace Express Add-In version 5x0 installed. The app is used to view documents and images during Web conferences.'"

Long story short

flash is equally bad on all platforms web guys please stop using it.

Re:Long story short

[powerlord]

flash is equally bad on all platforms web guys please stop using it.

Hey ... look at the upside, feature parity across Windows, OSX and Linux ... even for bugs and exploits.

Re:Long story short

[fuzzyfuzzyfungus]

flash is equally bad on all platforms web guys please stop using it.

Will nothing please you whiners? The Adobe Exploit Runtime offers simultaneous support across Windows, OSX, and Linux for a cutting edge vulnerability, and do we hear even a whisper of credit?

Re:Long story short

[Dixie_Flatline]

One of the best things Steve Jobs ever did for the security of computing around the world is slowly crush Flash under his heel.

It's bad.
It's always been bad. Apparently, it will always be bad.

Just let it die. It's a CPU and memory hog (another good reason not to use it on mobile; the CPUs these days can handle it, but it's bad for battery life) and it's a massive security hole. Why in the world should it get a pass? Someone at Adobe should've nuked it from orbit years ago.

I have it disabled.

[Antony+T+Curtis]

I deliberately do not install Flash on my computers _and_ I deliberately choose to not install any of the third-party work-alikes.

If the content owner only publishes content in a SWF, it is not worth my bother to look at it. Okay, I can't view video clips in Facebook, but if it is an embedded youtube video, usually I can view it just fine by going to youtube's website.

Seriously: why doesn't Flash just die?

[dsinc]

I'm not a Flash developer, so I'm asking very seriously: is there a compelling reason to keep using Flash in 2014? For the past several years, the only notable things associated with this technology have been major security holes.

Ahem.

[peatbakke]

http://i.imgur.com/TNz9k9G.jpg

Uninstall Flash!

[chihowa]

I just reinstalled my OS a few weeks ago and never reinstalled flash. Despite a profuse amount of websurfing and watching videos here and there, I haven't needed flash yet.

Fewer annoying, moving, sound-producing site navigation controls, better battery life on my laptop when watching videos, and fewer horrible security vulnerabilities to worry about! Dumping Flash is something I should have done long ago!