Adobe Pushes Emergency Flash Player Security Fix
wiredmikey writes "As expected, Adobe today released a security update for its Flash Player. The out-of-cycle update addresses critical security issues in Flash Player as well as an important universal cross-site scripting issue. Adobe reported that one of the vulnerabilities (CVE-2011-2444) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message. To illustrate the importance of keeping systems up to date, including Adobe Flash products, the fact that the RSA cyber attack was executed using a spear phishing attack with an embedded Flash file should serve as a friendly reminder. RSA was breached after an employee opened a spreadsheet that contained a zero-day exploit that installed a backdoor through an Adobe Flash vulnerability."
Re: (Score:3)
Re: (Score:2)
All you have to worry about is...
http://www.pcmag.com/article2/0,2817,2368269,00.asp [pcmag.com]
This one took about a week...
http://www.slashgear.com/apples-mac-os-x-security-update-2011-005-blocks-stolen-diginotar-certificates-09178410/ [slashgear.com]
Maybe you can just go to slashd0t.org instead if you set up your internal certs properly, if you're on a Mac :) .
Coming soon, can you set up local certs on a mac? rats... google returned a hit... :)
https://discussions.apple.com/thread/2734627?start=0&tstart=0 [apple.com]
even better
Re: (Score:1)
The only couple of cases when I do click on Flashblock are on YouTube or Vimeo when they don't have HTML5 support
This has never happened before! (Score:5, Funny)
The sooner we can get rid of Flash, the better. Bring on the HTML5, which will have no security vulnerabilities whatsoever!
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
people shouldn't continually lump trolling together with parody, sarcasm, irony, tongue in cheek, or just stand up comedy.
Re: (Score:2)
Go ahead and build me a game or an app that is more complicated than minesweeper or a tip calculator that can run seamlessly on multiple browsers. Or tell a client that their product slideshow will have nice transitions sometimes, in some browsers, maybe. But don't use it on IE6, or firefox. But IE9 will work, after service pack XX.
Do some actual production work once in a while, with a client that isn't your mom, be
Re: (Score:1)
Re: (Score:2)
The sooner we can get rid of Flash, the better. Bring on the HTML5, which will have no security vulnerabilities whatsoever!
Exactly, Microsoft removing flash support in the upcoming version of IE will bring us back years in terms of security.
Re: (Score:2)
That is the f*cking understatement of the century!!!
I hate Flash, yet people still want to use it, I do not understand....Foxit at least, if not other PDF viewers. Adobe just has no clue when it comes to security, they are great at buying up the competition and repackaging the software for the image industry, not for security, so why allow your browser to have access to it, we really do not need to have Flash websites....period!
Re: (Score:3)
Adobe used to mean something to the computing world. Now it is just the proponent of the worst jerry-rigged encapsulation methods and application platforms for malicious exploitation.
Adobe was the company that trained me to press CTRL+S at least every two minutes so I wouldn't lose too much work the next time Premiere crashed, and to save to a new file every couple of hours so that I wouldn't lose too much when it corrupted the save.
Re: (Score:2)
Re: (Score:2)
Adobe was the company that trained me to press CTRL+S at least every two minutes so I wouldn't lose too much work the next time Premiere crashed, and to save to a new file every couple of hours so that I wouldn't lose too much when it corrupted the save.
Heh, I learned that already in childhood playing Sierra games. Save early, save often and keep your old savegames. Of course that was by design, maybe they were just trying to prepare people for work life? It has certainly saved my ass a few times...
Paged media and vector animation (Score:2)
PDF should not be a distribution method for online documentation or viewing in web browsers, it should be available as a tertiary format FOR PRINTING ONLY
Web browser developers have treated CSS paged media [w3.org] as a mere afterthought. What's the best practice to distribute paged media such as slide presentations for on-screen viewing?
Flash should not be the default video player. But it is.
I agree for pixel-based video, not so much for vector-based cartoons, at least until 2014 when Windows XP dies (taking IE <= 8 with it) and until browsers' SVG renderers become much faster.
Re: (Score:2)
Put everything on one page and have the user use the PgDn key or the scroll wheel.
So how does the author of such a page set the PgDn key or the scroll wheel to advance the scroll position by exactly the height of one slide?
PowerPointitis, margins, and FlashPaper (Score:2)
Tepples listed one good use for PDFs (natively paginated documents, such as IRL slideshows/presentations)
The impression I got from the top-level post was that documents SHOULD NOT* be natively paginated and SHOULD be authored for scrollable media. Slideshows/presentations allegedly lead to PowerPoint syndrome [visionarymarketing.com].
a PDF viewer that almost invariably supports both continuous scrolling and single-page viewing.
In theory, yes. But in practice, people still distribute PDFs with two-column layouts intended for printing. And even with one-column layouts, continuous scrolling still leaves a two inch gap between the text at the bottom of one page and the text at the top of the next.
Re: (Score:3, Interesting)
Re: (Score:2)
It's atrociously unprofessional on Adobe's part, very 90's
Re:Now With self-deleting installer! (Score:2)
JEEEBUSS CHRIST!!!! (Score:2)
Flash has truly become one big pile of steaming crap! I used to be against Apple, but frankly I think it should be made unlawful and Adobe fined a trillion dollars for every security incident involving that piece of garbage.
Fucking hell, all of this so we can watch some fucking videos on the Internet and be annoyed by idiotic ads. Somebody, please, wipe Adobe out. They have become, through their sheer stupidity and incompetence, a force for online evil.
Re: (Score:2)
I would partly blame Firefox (!) however as well. Why would I say such a thing? Firefox fails to offer some means to block the loading of the flash plugin selectively, I would like for instance to by default block it and then opt in to allow certain pages to use flash. This should be integrated into a general security zones feature where you can create a security zone with this and settings for other things like javascript, to be enabled or disabled for the sites you have added to the zone. Firefox lacks th
Re: (Score:2)
How do I...? (Score:3)
Cross-site Scripting FAQ (Score:2)
Figures (Score:1)
I just got done making a new install image for work today.
I'm seriously not trolling (Score:2)
Slim version (Score:4, Informative)
Nice quickly installing slim version, no junk and no download manager etc required:
IE
http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe [adobe.com]
Firefox etc
http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe [adobe.com]
Re: (Score:1)
Re:Slim version (Score:4, Informative)
You sir are a gentleman and a scholar. You wouldn't happen to have an MSI would you?
Funny, I just went looking for such a beast, being sick of fighting with their usual installer...
64 bit? (Score:2)
Does this also affect the 64 bit version 11? Just curious since they haven't updated it for 2 weeks.
just goes to show... (Score:1)
the more features you add to a program the more likely it is to be exploited. it also doesn't help to be closed source.
So? (Score:2)
Is every security update now front page-worthy news? Maybe it's been a slow news day or something, but Flash security patches aren't exactly a rare occurrence. Might as well have an article "SUN COMES UP AGAIN TODAY!"
Getting the New Version (Score:2)
For those few (like me) who use SeaMonkey with "Advertise Firefox compatibility" disabled, the download site for Flash is broken. You wind up in a loop without ever getting the download. Either enable "Advertise Firefox compatibility" or spoof Firefox in some other way. Then, before trying the download site, remove all Adobe cookies. Yes, it's another case of invalid UA sniffing.
When you finally download, you get a stub installer, not a complete installer. This is true for everyone, including users of
Does this affect Flash 11 beta? (Score:1)
Does this affect the Flash 11 beta?
Re: (Score:2)
Adobe released Flash 11 yesterday, so no need to use the beta anymore; and I'm assuming the security issue was addressed or the release wouldn't be happening.
http://apple.slashdot.org/story/11/09/21/1559246/Adobe-Releases-Flash-11-and-AIR-3 [slashdot.org]
TFA specifically calls out Flash 10.3 though, not v11. Also the Flash 11 beta on Linux doesn't mention the new release at all. I am using Ubuntu and using the Flash Preferences (in System > Preferences), I am not informed of any actual new release. Maybe because I am i
Re: (Score:3)
Oh man, I hate replying to my own ./ post, but *that* ./ article headline and summary are completely false. If you read all the waaaay down to the bottom of TFA, on the linked-to slashdot piece, it says "Flash Player 11 and AIR 3 would be publicly available in early October, Adobe said in a statement." So no v11 Release happened at all.
Adobe specifically states "Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.7 and earlier versions for Windows, Macintosh, Linux and Solaris, and
Useless security fix without an effective updater (Score:1)
It doesn't matter how quickly Adobe push out security updates, their updater is ineffective because it has too many manual steps, when it should be able to be completely automated like Windows Update is.
Most users that I have seen simply click "Cancel" every time they start up their computer and the updater comes up, because they don't know what it is, and have been taught not to install software that they don't know.