Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Google and Mozilla pull the plug on Adobe Flash
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Google and Mozilla pull the plug on Adobe Flash

Google and Mozilla pull the plug on Adobe Flash: Tech giants disable the program on browsers following 'critical' security flaw

Leaked documents from an Italian cyber group recently revealed Adobe Flash has at least three serious vulnerabilities that lets hackers take over anyone's computer.

The end is could be nigh for Adobe Flash.
Leaked documents have revealed the program has a serious vulnerability that lets hackers take over anyone's computer.
And despite various patches and attempts at fixes, Google and Mozilla have now both pulled support for the plugin on their respective Chrome and Firefox browsers.

Adobe Flash, also known as Shockwave Flash, is used by websites to show multimedia items such as videos, graphics, games and animations.
It was once the go-to standard for multimedia, but many sites now use a markup language known as HTML 5 that does a similar job but is more advanced, doesn't require browser plugins and, given the recent hacks, is more secure.

Plugins, in particular, need to be updated regularly and are vulnerable to security flaws if people are using out-of-date versions.

Such a weakness was recently found in both the software version of Adobe Flash, and its plugin.
By its nature, the Chrome version of the Flash plugin is more secure than the program but its extra security was still not enough to block hackers completely.

This flaw was revealed when a cyberattack on government-sponsored group Hacking Team leaked a series of documents.
These documents showed the Italian group using at least three unpatched Flash exploits to reportedly hack into people's accounts and take over their computers.

It appears this organisation allegedly sold tools and services to governments, including oppressive regimes.
However, once the details of the flaws were made public it left the software open to other hacking groups and cybercriminals that could potentially take advantage of them.
This could involve attackers installing malware on people's computers, stealing personal details, monitoring keystrokes to steal passwords and more.
And it is believed these exploits have been live for at least four years.

Since the documents were leaked, security researchers have verified three previously unknown attacks, and the most recent, spotted by Trend Micro, has been rated as 'critical.'
Following the leak Adobe released a patch to fix the original vulnerability and this update was released on 8 July.
Earlier today the firm released another updated to Flash Player and said: 'We are proactively pushing the update out to users. We are also working with browser vendors to distribute the updated player.

'Flash Player is one of the most ubiquitous and widely distributed pieces of software in the world, and as such, is a target of malicious hackers.
'We are actively working to improve Flash Player security, and as we did in this case, will work to quickly address issues when they are discovered.'
It added that it will partner with browsers to both improve Flash Player security as well as invest in, contribute to and support more modern technologies such as HTML5 and JavaScript.

Despite this, both Google and Mozilla have pulled support for the Adobe Flash plugin on Chrome and Firefox.

On Chrome, users will see an error message when they visit sites running Flash prompting them to upgrade the plugin, or it will let them 'Run this time.'

This enables the plugin for that specific video or graphic.
But when they try to update it, as per Google's official instructions, the component fails to update.

Google has not released an official statement.
On Firefox, updating the vulnerable Shockwave Flash plugin takes users to a blocked plugin page.
It explains: 'Flash Player Plugin between 11.0 and 11.7.700.169 has been blocked for your protection.

'Old versions of the Flash Player plugin are potentially insecure and unstable. All users are strongly recommended to update on our plugin check page.'

It warns that all users who have these versions are affected and Mozilla is automatically disabling the plugin.

Security researchers are advising people that 'due to the serious nature of this vulnerability and the likely risk of its use in cyberattacks in the coming days, we recommend users disable Adobe Flash Player in their browsers until the issue is patched.'

Comments

  • About time! Already have it disabled in my main browsers.

  • perennateperennate Member, Host Rep
    edited July 2015

    linuxthefish said: About time! Already have it disabled in my main browsers.

    From what I can see it's just old versions that are disabled? Not sure what's the point of posting this article, it's kind of obvious and the article is poorly written..

  • dnwkdnwk Member

    Lots of advertiser will be scared. It works like a ad-blocker.

  • krishnapkrishnap Member
    edited July 2015

    @perennate said:
    From what I can see it's just old versions that are disabled? Not sure what's the point of posting this article, it's kind of obvious and the article is poorly written..

    From what I can see its ALL versions. The latest version is still vulnererable

  • I don't use Flash Player since a long time ago, but (unfortunately) I had to install it to view something on a website. The next day this whole thing about "Hacking Team" appears. I was like "Really? I installed this yesterday and today I have to remove it?". Well, I'm glad I only had it installed for one day.

  • krishnap said: From what I can see its ALL versions. The latest version is still vulnererable

    latest version is fine.

  • linuxthefishlinuxthefish Member
    edited July 2015

    @perennate said:
    From what I can see it's just old versions that are disabled? Not sure what's the point of posting this article, it's kind of obvious and the article is poorly written..

    Security issues aside, flash is rubbish and overused. It should not be a part of the modern web, all I see it used for is auto playing crap and adverts.

    Most websites support HTML5 video now, at least the good ones do.

  • Flash is the mark of incompetent web developers. Unfortunately there's way too many of those, especially in the corporate world.

    Thanked by 2linuxthefish NeoXiD
  • @Ole_Juul said:
    Flash is the mark of incompetent web developers. Unfortunately there's way too many of those, especially in the corporate world.

    :begin rant:
    Yeah, the same kind of incompetence that abuses JavaScript to break core functionality of HTML. I'm appalled every time I hit a site where clicking links is totally non-functional without scripting. Ridiculous! As a result of these kinds of abuses, web browser makers were forced to enable JavaScript by default. sigh
    :end rant:

  • NeoXiDNeoXiD Member
    edited July 2015

    @Ole_Juul said:
    Flash is the mark of incompetent web developers. Unfortunately there's way too many of those, especially in the corporate world.

    Just reminded me of derbauer.de. (Press: GO SITE) Might look "c00l", but ewww, full-flash-websites. Almost as terrible as those flash intros which where so uberhip in the past.

  • Flash is the mark of incompetent web developers. Unfortunately there's way too many of those, especially in the corporate world.

    It's worth remembering that some sites would have invested $$$$ into some flash app and it's not easy to just throw away or instantly replace.

    Even in the early days of development I was always advised to be careful in the use of flash, since it wasn't/isn't spiderable by search engines. It's always been a bit gimmicky but agree that HTML5 takes away much of the need for it.

  • DillybobDillybob Member
    edited July 2015

    RIP kingsroad. :( #1 action rpg browser game.... fucck

  • Flash still plays an important role in web/browser gaming. Progress to move onto HTML5 or something like Unity is pretty slow.

  • ClouviderClouvider Member, Patron Provider

    Yes, I haven't seen any serious website still using flash to be honest. It's about time.

  • I'm all in favor of HTML5. Flash has been junk for years and it's time to move past it. This is just the icing on the cake.

Sign In or Register to comment.