“Word has emerged about a ‘ransomware’ exploit involving Adobe Flash. Adobe has responded with an update,” Peter Cohen blogs. “The ransomware exploit is, for now, limited to users of Windows, but the update has been made to all supported platforms, so it’s an update to essential Flash code, not just something Windows-ish.”
“This illustrates that you need to be very careful about what you keep on your computer, and that you may want to periodically rethink the software you have installed,” Cohen writes. “To that end, if you absolutely need Adobe Flash to access content on the web that you need, at least make sure you’ve updated to the most recent version. Following another heinous Flash problem last March, I posted details about to update Flash safely on your Mac.”
“Those some rules apply today if you need to update. But if you don’t need Flash, you’ll be better off without it all together,” Cohen writes. “It’s a gaping security problem, can cause performance and battery drain issues and is increasingly irrelevant to the web as more developers use HTML5 and other media-rich non-proprietary tech.”
“So why not remove it all together?” Cohen writes. “If you already have Flash installed on your Mac and you’ve decided that enough is enough, here’s how to get rid of it once and for all.”
Easy instructions in the full article here.
MacDailyNews Take: Flash must die. Let’s all help it along, shall we?
SEE ALSO:
Adobe issues yet another ‘Emergency’ Flash Player security update to thwart ransomware attacks – April 8, 2016
Adobe Flash has a huge security hole that’s being exploited right now – March 11, 2016
Google will stop running Flash display ads on January 2, 2017 – February 10, 2016
Adobe’s bloated, insecure Flash must die – July 15, 2015
Apple CEO Steve Jobs was right about Adobe’s Flash – May 2, 2011
Steve Jobs posts rare open letter: Thoughts on Flash – April 29, 2010
My life is splendid being Flash-free.
As well as being Google-free and Microsoft-free
I would like to have such a life. But I need YouTube. 😩
Would be nice if Apple had something like YouTube.
Enable the develop menu in safari. Then change the user agent to iOS, and YouTube will default to html5 and work.
Done! Works!!
Thanks.
Unfortunately doing this will also over-inflate iOS web traffic statistics and convince Cook that he should continue to marginalize the Mac.
I’m set for HTML5 on youtube and haven’t had many problems with needing FLASH as of late. Have you tried recently?
Google has thankfully made YouTube almost entirely HTML5 video. You won’t need decrepit Adobe Flash for much of anything on YouTube. But I do indeed run into the occasional POS Flash-only video there.
Yes, that is very true.
“The trick is to use Google’s Chrome browser. Chrome “sandboxes” Flash inside itself, so you can still see Flash content on the web without it possibly affecting the rest of your computer.”
The article suggests using Google’s Chrome browser to keep seeing Flash content, but if you install Chrome on your Mac, it will adamantly run it’s update service each time you boot and login into your Mac, which was taking about 1 minute before I saw the login window, then another 20-30 seconds after login. Very disgusting. You may see this update service time by running the Console application after logging in. Interestingly, if my MacBook had no Internet access after turning it on, boot time would be a lot shorter.
This happened no more than a year back and I removed Chrome completely from my Mac. I never looked at the possibility of only stoping the update service by changing a setting, or some hack, and still keep Chrome. It may be worth a shot since on some rare times you come across videos you need to watch that still use flash. Also, the way Chrome updates itself may have changed (I doubt it though) and using Chrome would not affect your Mac boot time.
You can install Chromium, the open-source version of Chrome. It does not have an auto-updater, but you can install a Chrome Extension (Chromium can use Google Chrome extensions) to inform you when an update is available.
Basically, it’s Google Chrome, but with much less Google extras running. I use it for viewing Flash sites.
The ransomware exploits an whole version number older version of Adobe Flash. For reasons of which I’m ignorant, apparently certain people are stuck using the older version due to compatibility. Anyone already up-to-date with recent versions of Adobe Flash (v21.x) has no fear.
But it can’t hurt to double-check that you’re up to date, if you’re stuck using this decrepit Adobe crapware.
https://get.adobe.com/flashplayer/
More: The ransomware affects only Windows 10 users with the old v20 and earlier versions of decrepit Adobe Flash. v21 users are unaffected.
From Adobe:
Summary
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier. Please refer to APSA16-01 for details.
I run Safari without Flash for daily browsing etc. If I run into a site that requires Flash and I feel it’s worth viewing, I drag the URL onto the Google Chrome icon on the dock and let Chrome handle it.
This way Google can deal with the updates and I don’t have to install Flash or worry about it.
It’s the same drag, for me, only I am using the Epic anonymizing browser with a cleaner u tube and clear all history when exit and…
The problem is that I do not control when content is put up with flash.
If I want to get all content, I need to have flash.
The best I can do Is to get one of those click-to-flash plugins that prevents flash to auto-run and needs my approval. Does the provide of flash-content get a feedback about that?
This site has flash, what is MDN saying?
It does, seriously? wtf, MDN? I only access MDN on iOS.