“Apple has issued a compulsory update forcing Mac OS X users to upgrade to the latest version of Flash, following the discovery of three zero-day vulnerabilities in the software,” Alastair Stevenson reports for V3.
“The update appears as a pop-up in all Apple systems using an outdated version of Flash,” Stevenson reports. “The forced update comes less than a week after a third critical zero-day Flash vulnerability was discovered by researchers at Trend Micro.”
“Adobe reported finding two other Flash zero-days in January. Both are known to have been actively targeted by hackers,” Stevenson reports. “The rapid discovery of the three flaws caused ripples in the security community. Experts from Darktrace, Trend Micro and Alienvault told V3 that the Flash flaws are evidence that traditional security practices are no longer effective.”
Read more in the full article here.
when is Adobe going to call it a day on this software. Flash has had more zero day defects than most anything I can think of short of Windows..
Hopefully not before they get HTML5 working property. Check HTML5test.com and you’ll see that Safari has the second lowest score on the site.
Apple chooses to not comply with certain codecs when rendering things in HTML 5, so they will never meet the rating of a more generic browser.
What is the reasoning for apple to ignore the standards it was pushing so strongly prior to Jobs’ death? If you can provide any documentation regarding this it would be appreciated.
HTML 5 is not a finalized standard. You may be confusing possible features with being part of an existing standard and that may be inappropriate. Some times the kitchen sink approach (aka, everything and the kitchen sink) is not the best approach.
I stopped using Flash long ago, uninstalled it from all my Macs. Safari is my preferred browser, but when I run across a site requiring Flash, I view it in Chrome, which has Flash built-in. Wondering if this vulnerability affects those whose only use of Flash is via Chrome?
I have done the same — no Flash and use Chrome only when Safari cannot display the content. If I encounter Flash content while use Safari, first choice is to go to the “Develop” menu and choose a User Agent of Safari for the iPad. About 3/4 of the time, this allows the content to be viewed by fooling the site into thinking I am viewing it from an iPad. Only if that does not work and only if I really need to see the content, do I go to Chrome. Many times I just skip it and move on.
I use ClickToFlash to block Flash on my Macs. This opens the page with a gray box wherever there’s Flash content. I can then choose to view the Flash content whenever I want to by double clicking on it, but not have it automatically start running.
I just started seeing problems where click-to-flash is not working consistently.
Only playing Flash video when turning off the click-to-flash extension.
(I’m running latest version of Flash 16.0.0.305)
Push away, Adobe, but I won’t install your crapware on my Mac, no how, no way.
It’s enough now. I deleted Flash from our Macs and won’t install it again. Feel much better…
The sooner Adobe issues an EOL notice on Flash to the world; the better
I can’t seem to keep my flash up to date.
I mean, I have an inside corporate source to flash player, yet they don’t bring both versions current, referring to NPAPI and PPAPI. This is more than frustrating, I get nagged, and have no real confidence that the Adobe auto downloads (mounted folders) are trustworthy.
I think Flash is a sinking ship and it needs to die ASAP.
Adobe Flash, (circa early 1990’s?) = Zombie ware
read: software that just won’t die. Ex., Netscape navigator aka Firefox.
I reluctantly updated Flash last week after being digitally nagged. I literally get about 3 days out of it and I’m being told its out of date again. This has to be the most vile major software ever invented, it’s practically unusable and needs updating every damn fortnight please please bury the damn thing.