Slashdot Mirror

← Back to Stories (view on slashdot.org)

Delete Or Update All Adobe Flash Player Instances, Experts Warn (threatpost.com)

Posted by EditorDavid on from the Flash-in-the-pan dept.

An anonymous reader quotes an article from BankInfoSecurity: Security experts are once again warning enterprises to immediately update -- or delete -- all instances of the Adobe Flash Player they may have installed on any system in the wake of reports that a zero-day flaw in the web browser plug-in is being targeted by an advanced persistent threat group.... The bug exists in Adobe Flash Player 21.0.0.242 and earlier versions -- running on Windows, Mac, Linux, and Chrome OS -- and "successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system." Thursday Adobe released an updated version of Flash patching 36 separate vulnerabilities, including the critical vulnerability which "if exploited would allow malicious native-code to execute, potentially without a user being aware." While applauding Adobe's quick response, researchers at Kaspersky Lab say it's already been exploited in Russia, Nepal, South Korea, China, India, Kuwait and Romania, and BankInfoSecurity writes that "The latest warning over this campaign reinforces just how often APT attackers target Flash, thus making a potential business case for banning it for inside the enterprise."

9 of 172 comments (clear)

  1. So we're fucked either way? by Anonymous Coward · · Score: 5, Insightful

    Ok, so if we stick with Flash we might be subjected to security problems.

    But if we stick with HTML5-based technologies, then we'll just be more easily tracked by advertisers.

    Sounds like we are fucked in both cases!

    1. Re:So we're fucked either way? by bloodhawk · · Score: 5, Insightful

      With flash you get the WORST of both. you get the tracking AND the security problems.

  2. Porn by Anonymous Coward · · Score: 3, Insightful

    There's a reason all the adult sites are going to HTML5 over Flash for video. You know your platform is outdated and totally not worthwhile when the porn industry abandons you.

  3. let this be a lesson by RichMan · · Score: 4, Insightful

    The once dominant interactive web "standard" is dead.
    What killed it? Security problems.

    For the web, security needs to the number one priority considered from day one when the architecture, specifications and scope of the project are first looked at.

    1. Re:let this be a lesson by guruevi · · Score: 5, Insightful

      Flash was never a "standard". I've always recommended clients to get rid of Flash sites because it wasn't a standard and not everyone could use it. When Flash was first introduced, a large number of people were still on dial-up and Flash sites were a big no-no because by then we already knew that people would click away if their site didn't load in 5s or less. Flash was then marketed towards people marketing towards broadband (video and interactive sites and DHTML were going to be all the rage once everyone got broadband).

      When everyone started getting broadband, companies like Google sprang up (or rather, became embedded in the culture) and "SEO" became the buzzword, Google wasn't Flash-aware or compatible, Flash was dead as a 'standard' platform for 'broadband' because no 3rd party company (outside Macromedia and later Adobe) wanted to support it.

      It eventually got taken over by Adobe and it was dead then because nobody trusted Adobe to fix it. It had many security issues already and many compatibility issues even within it's own tools. Adobe never fixed it, they just kind of half-integrated it with the rest of their suite but they effectively put it on life support. When Apple released the iPhone, Flash was dead and now it's just being this zombie process you know you have to get rid of at some point, but you don't really want to because maybe you may need it in some obscure corner of the web.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
  4. Weekly Flash Warning. 7 Days Til Next Alert. by zenlessyank · · Score: 5, Insightful

    Since you haven't listened to the 483 times we have told you before, we will tell you again. Uninstall Flash Player. That is all.

  5. And Shame on Adobe by dmomo · · Score: 5, Insightful

    For undermining security to try and trick users into installing McAffe when upgrading. That should be opt IN not opt OUT.

  6. alright... so have we learned yet? by Anonymous Coward · · Score: 2, Insightful

    Flash, Javascript, ActiveX... have we learned now?

    Letting random web sites run any form of procedural code on your computer is NOT a good idea. Not just random web sites, but any site THEY in turn want to cross site script. Even when you try to sandbox this stuff, there are still holes. The valid use cases for such scripting are minuscule - it is chiefly used for advertising, tracking, profiling, and interfering with the user experience such as disabling cut and paste. For the very few valid use cases, it can be whitelisted.

    But default-enabled? That's insane, no matter what the web-language flavor of the day is.

    Captcha = mishap

  7. Re:The problem isn't flash by Anonymous Coward · · Score: 2, Insightful

    APK's internet access should be banned.