Hackers abuse another Adobe Flash zero-day to attack thousands of web users with redirects

“Adobe is scurrying to patch the third Flash zero-day of the year, with criminal hackers already using a previously unknown and unpatched vulnerability to launch attacks against thousands of web denizens, security researchers warned today,” Thomas Fox-Brewster reports for Forbes. “Those attacks hit visitors to popular video sharing site Dailymotion, with other sites thought to be affected as the infections were launched via advertisements that will likely be resident on many other web pages.”

“Visitors to any affected site would have been redirected to an attacker-controlled page where an exploit kit would attempt to compromise the target system by targeting the Adobe Flash zero-day,” Fox-Brewster reports. “The vulnerability is in all supported forms of Flash, up to the latest versions for Microsoft Windows and Apple Macs.”

“Adobe said in its own advisory [that] it’s expecting a fix for this ‘critical vulnerability’ will be released this week,” Fox-Brewster reports. “But this fresh zero-day is yet another nail in the coffin for Flash, which has been covering off flaws in its software like crazy in 2015. It’s also had to cope with the ignominy of being ditched by Google, which chose to use HTML5 video for its YouTube service.”

Read more in the full article here.

MacDailyNews Take: Adobe’s shiteous Flash is the Typhoid Mary of the Web.

Related articles:
Adobe acknowledges critical remote vulnerability in Flash, exploits already in the wild – January 25, 2015
Shady app install ads automatically redirecting mobile users to App Store, Google Play [Updated] – January 16, 2015
Adobe issues fix for yet another Flash flaw – July 9, 2014
Adobe’s Flash Player gets yet another emergency update – February 5, 2014

28 Comments

  1. On this website there is a very strange pop up that appears saying you’ve won something. There is no way to get rid of it except clicking okay. After that nothing happens.
    Anyone seen anything like that and can MDN comment on it please?

  2. The fact that so many companies still choose to use this piece of shit flash in a pan, is testimony to how ignorant and out of step the business heads of old, have not a clue about technology, innovation and user experience that wins Apple its fanfare.

    Wake up you idiots, ’twas over 5 years ago that Steve Jobs called flash out for killing the joy and advantages of innovation in tech.

    1. The fact that so many companies still choose to use this piece of shit flash in a pan, is testimony to how ignorant and out of step the business heads of old, have not a clue about technology, innovation and the user experience that wins Apple its fanfare.

      Wake up you idiots, ’twas over 5 years ago that Steve Jobs called flash out for killing the joy and advantages of innovation in tech.

    2. Business heads know nothing, so they ask their techs to tell them what hardware and software to use. A tech told me “we fix things that break, so we always recommend the worst options, because they break.”

        1. The School Of The Self-Destructively Stupid.

          Great that they lay (rape) the path for their future employment, but they destroy the future of the company they work for. These are the ‘dead wood’, or as I call it ‘the ‘Bad Air’. It’s breathing time for the corporation: Out with the Bad Air, In with the Good Air.’ IOW: Layoff time!

  3. I see it too. I get one for Tesco. I think it’s part of the redirect ads we get here too.

    I think the best thing we can do is take a screenshot of the pop-up (press the home button & wake/off button at the same time) then when you hit ok take a screen shot of where you are taken to. Then email the company you are taken to & the company they are advertising with a strongly worded complaint. Include the screenshots as well.

    If we all do this maybe the firms will investigate and put a stop to it. I don’t believe the firms, in my case Tesco, would sanction this behaviour as it pisses people off and spoils the reputation of the firms.

  4. Yet web designers keep pushing out Flash. Even websites that used to support HTML 5 have reverted to Flash- Washington Post and New York Times for example.
    Apple could do a great service for humanity and squash the steaming pile that is Flash/Air for all time.

    C’mon Tim, Open the wallet.
    Developers, developers, developers…

        1. Do I wish I could personally do that? Oh yes.

          I wish HTML 5 actually covered all the Flash bases, but it does not, which is one reason The Damned Thing still survives. There are some lovely programming suites out now that make the best of HTML 5, however. Hopefully they will pack in additional JavaScript code to fill out the difference.

  5. My brief advice:
    Have a Flash blocking add-on in ALL your web browsers. ALL.

    Safari has its own Flash blocking system, which you can reach in its Preferences here:

    1) Preferences: Security: Manage Website Settings… (button):

    2) On the left of the pane, choose ‘Adobe Flash Player’.

    3) On the resulting right side:
    – a) REMOVE all ‘Configured Websites’ using the minus (-) button.
    – b) Set ‘When visiting other websites’ to ‘Block’ using the popup menu.

    This setting forces Safari to put up a ‘blocked’ notice. You can then click that notice to approve each individual website you visit. Just remember that at this point some very prominent, usually safe websites are being compromised with this zero-day. Be extremely careful what you unblock.

    OR: Just UNINSTALL nasty Flash. POS.

    http://mac-security.blogspot.com/2015/02/critical-flash-fail-yet-again-third.html

  6. I like how Safari now disables Flash automatically when it’s out of date.

    A few weeks ago, Safari stopped Flash from working on my computer because Flash was out of date. It probably took days for me to even notice, because I don’t use many websites with Flash. When I did notice, I still left it disabled, because it was just blocking ads and other annoying Flash stuff I didn’t care about. Took about another week before I finally ran across something online that both required Flash and I actually wanted to see it, which made me finally install a Flash update.

    I could easily see this repeating, up until the day Safari disables Flash, and I never update it because there’s no longer anything online requiring Flash worth seeing.
