kasturi
Legendary Member
- Messages
- 13,525
- Joined
- Jul 22, 2006
- Messages
- 13,525
- Reaction score
- 3,282
- Points
- 196
Tech giants disable the program on browsers following 'critical' security flaw
14 July 2015
On Firefox, updating the vulnerable Shockwave Flash plugin takes users to a blocked plugin page. It warns that all users who have these versions are affected and Mozilla is automatically disabling the plugin.
Leaked documents have revealed the program has a serious vulnerability that lets hackers take over anyone's computer.
And despite various patches and attempts at fixes, Google and Mozilla have now both pulled support for the plugin on their respective Chrome and Firefox browsers.
Adobe Flash, also known as Shockwave Flash, is used by websites to show multimedia items such as videos, graphics, games and animations.
It was once the go-to standard for multimedia, but many sites now use a markup language known as HTML 5 that does a similar job but is more advanced, doesn't require browser plugins and, given the recent hacks, is more secure.
Chrome: users are seeing an error message:
Plugins, in particular, need to be updated regularly and are vulnerable to security flaws if people are using out-of-date versions.
Be aware that removing or disabling Flash will have a knock-on effect on websites and users may find they can't use certain features on such sites without it.
By its nature, the Chrome version of the Flash plugin is more secure than the program but its extra security was still not enough to block hackers completely.
This flaw was revealed when a cyberattack on government-sponsored group Hacking Team leaked a series of documents.
These documents showed the Italian group using at least three unpatched Flash exploits to reportedly hack into people's accounts and take over their computers.
This could involve attackers installing malware on people's computers, stealing personal details, monitoring keystrokes to steal passwords and more.
And it is believed these exploits have been live for at least four years.
Respon dr Adobe:
Following the leak Adobe released a patch to fix the original vulnerability and this update was released on 8 July.
Earlier today the firm released another updated to Flash Player and said: 'We are proactively pushing the update out to users. We are also working with browser vendors to distribute the updated player.
'We are actively working to improve Flash Player security, and as we did in this case, will work to quickly address issues when they are discovered.'
It added that it will partner with browsers to both improve Flash Player security as well as invest in, contribute to and support more modern technologies such as HTML5 and JavaScript.
On Chrome, users will see an error message when they visit sites running Flash prompting them to upgrade the plugin, or it will let them 'Run this time.'
This enables the plugin for that specific video or graphic.
But when they try to update it, as per Google's official instructions, the component fails to update.
Google has not released an official statement.
Apple has not supported Flash on its iOS software since 2010. Steve Jobs said Flash caused poor performance, impacted battery life and had 'abysmal security'. Last week, Facebook's chief security officer Alex Stamon tweeted: 'It is time for Adobe to announce the end-of-life date for Flash'
Others are suggesting removing Adobe Flash completely.
14 July 2015
On Firefox, updating the vulnerable Shockwave Flash plugin takes users to a blocked plugin page. It warns that all users who have these versions are affected and Mozilla is automatically disabling the plugin.
Leaked documents have revealed the program has a serious vulnerability that lets hackers take over anyone's computer.
And despite various patches and attempts at fixes, Google and Mozilla have now both pulled support for the plugin on their respective Chrome and Firefox browsers.
Adobe Flash, also known as Shockwave Flash, is used by websites to show multimedia items such as videos, graphics, games and animations.
It was once the go-to standard for multimedia, but many sites now use a markup language known as HTML 5 that does a similar job but is more advanced, doesn't require browser plugins and, given the recent hacks, is more secure.
Chrome: users are seeing an error message:
Plugins, in particular, need to be updated regularly and are vulnerable to security flaws if people are using out-of-date versions.
Be aware that removing or disabling Flash will have a knock-on effect on websites and users may find they can't use certain features on such sites without it.
By its nature, the Chrome version of the Flash plugin is more secure than the program but its extra security was still not enough to block hackers completely.
This flaw was revealed when a cyberattack on government-sponsored group Hacking Team leaked a series of documents.
These documents showed the Italian group using at least three unpatched Flash exploits to reportedly hack into people's accounts and take over their computers.
This could involve attackers installing malware on people's computers, stealing personal details, monitoring keystrokes to steal passwords and more.
And it is believed these exploits have been live for at least four years.
Respon dr Adobe:
Following the leak Adobe released a patch to fix the original vulnerability and this update was released on 8 July.
Earlier today the firm released another updated to Flash Player and said: 'We are proactively pushing the update out to users. We are also working with browser vendors to distribute the updated player.
'We are actively working to improve Flash Player security, and as we did in this case, will work to quickly address issues when they are discovered.'
It added that it will partner with browsers to both improve Flash Player security as well as invest in, contribute to and support more modern technologies such as HTML5 and JavaScript.
On Chrome, users will see an error message when they visit sites running Flash prompting them to upgrade the plugin, or it will let them 'Run this time.'
This enables the plugin for that specific video or graphic.
But when they try to update it, as per Google's official instructions, the component fails to update.
Google has not released an official statement.
Apple has not supported Flash on its iOS software since 2010. Steve Jobs said Flash caused poor performance, impacted battery life and had 'abysmal security'. Last week, Facebook's chief security officer Alex Stamon tweeted: 'It is time for Adobe to announce the end-of-life date for Flash'
Others are suggesting removing Adobe Flash completely.
