Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Adobe Releases Flash Player Update for 'Critical' Security Vulnerability on Mac

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
68,545
39,400



Adobe-Flash.png
Adobe has released security updates for Flash Player that address critical vulnerabilities that "could potentially allow an attacker to take control of the affected system." Adobe is aware of "limited, targeted attacks" on OS X, Windows, and Linux.

Adobe lists the affected Flash Player and AIR versions in a security bulletin on its website. Mac or PC users running an affected version should immediately uninstall the web plugin or update their installation to the newest version outlined on Adobe's website.

Apple blocks many older or vulnerable versions of web plugins from functioning, including Adobe Flash and Java, to help limit exposure to potential "zero day" exploits. The web plugins remain blocked in Safari until you install the latest updates. Chrome, Firefox, and most other modern web browser also have web plugin safeguards in place due to the high number of past security risks.

Article Link: Adobe Releases Flash Player Update for 'Critical' Security Vulnerability on Mac
 
Article Link
https://www.macrumors.com/2016/03/11/adobe-flash-critical-security-update-mac/
Cuban Missles said:
Wait, I thought Flash was dead. Why does anyone still have it installed.

Better option is to UNINSTALL
Click to expand...
Flash might already be dead in your case but not in all users' cases: some sites have no HTML5 replacement or said replacement lacks functionality compared to the Flash version. Said that, it's possible to whitelist the plugin to run only from the required sites reducing somewhat the risk.
 
  • Like
Reactions: orbital~debris, lars666, bryanescuela and 6 others
1. If you MUST use Flash, just use Chrome for those instances.
2. If you MUST use Safari, Develop > User Agent > iOS can switch your flash videos to HTML5 (often)
3. I have NEVER stayed on a Flash website more than a minute, so Flash is ONLY for videos as far as I'm concerned.
4. Steps 1/2 99% solve Flash for me. I will never have it installed on my system again.
 
  • Like
Reactions: PowerBook-G5, jocamero, dmj102 and 4 others
Pretty much what i do as well, i have installed Chrome for this reason alone, start it about once / month for that odd site that requires Flash (hello Programmers!).

furi0usbee said:
1. If you MUST use Flash, just use Chrome for those instances.
2. If you MUST use Safari, Develop > User Agent > iOS can switch your flash videos to HTML5 (often)
3. I have NEVER stayed on a Flash website more than a minute, so Flash is ONLY for videos as far as I'm concerned.
4. Steps 1/2 99% solve Flash for me. I will never have it installed on my system again.
Click to expand...
 
  • Like
Reactions: centauratlas
bsolar said:
Flash might already be dead in your case but not in all users' cases: some sites have no HTML5 replacement or said replacement lacks functionality compared to the Flash version. Said that, it's possible to whitelist the plugin to run only from the required sites reducing somewhat the risk.
Click to expand...
That is no excuse. The owner of web content has a responsibility to avoid technologies that threaten the security of their users machines. It's not like anyone is surprised that Flash has yet another critical security failure.
While I agree that there are some limited use cases where Flash excels over HTML5, that still does not justify the use of such a dangerous plugin.
If you must use Flash, please use Chrome. At least when using Chrome, vulnerabilities are better sandboxed. Trust me, I'm as worried about YOUR machine being compromised as you are.
 
  • Like
Reactions: keysofanxiety, akidd, aarond12 and 1 other person
To the already posted and the numerous up coming posts, we get it. You've moved on from flash. Good for you, continue to give yourselves a pat on the back EVERY time a patch is released. Some of us have jobs that require the use of web based apps that run on flash. Case in point: VMware. Number one virtualization platform in the enterprise. They require a web based management console, and guess what it runs on. Sure, they plan on moving to HTML one day, but until that happens I'm glad these posts exist to help keep people aware of the security risks out there.
 
  • Like
Reactions: Brian33, orbital~debris, jhwalker and 5 others
I'm so close to just switching to Chrome because of it's security/updating model. I don't like Google, but they seem to have a better handle on this than other companies.
 
  • Like
Reactions: DotCom2
err404 said:
That is no excuse. The owner of web content has a responsibility to avoid technologies that threaten the security of their users machines. It's not like anyone is surprised that Flash has yet another critical security failure.
While I agree that there are some limited use cases where Flash excels over HTML5, that still does not justify the use of such a dangerous plugin.
If you must use Flash, please use Chrome. At least when using Chrome, vulnerabilities are better sandboxed. Trust me, I'm as worried about YOUR machine being compromised as you are.
Click to expand...

He's referring to the end user side. We use certain sites that run flash, and there's no two ways about it. People act like the only thing that runs flash are online video and game sites. Unfortunately, there are A LOT of other sites that run flash that are important or even critical to our day to day lives.
 
  • Like
Reactions: TimSHB and H2SO4
bsolar said:
Flash might already be dead in your case but not in all users' cases: some sites have no HTML5 replacement or said replacement lacks functionality compared to the Flash version. Said that, it's possible to whitelist the plugin to run only from the required sites reducing somewhat the risk.
Click to expand...
Don’t worry. Every time there is a post about flash someone will deliberately write a crappy post like that. This time it happens to be Cuban Missiles who obviously had the crisis.
 
  • Like
Reactions: orbital~debris
I dont have it installed, but was considering it since Fox made new XFiles episodes, and the only way to view them in an apple household is via flash plugin.
 
bsolar said:
Flash might already be dead in your case but not in all users' cases: some sites have no HTML5 replacement or said replacement lacks functionality compared to the Flash version. Said that, it's possible to whitelist the plugin to run only from the required sites reducing somewhat the risk.
Click to expand...

Closingracer said:
Because some websites still use it that I visit regularly?
Click to expand...

Seriously speaking, I uninstalled Flash a while back on my Apples. If a site I visit requires it, then I move on and they lost my patronage. I refuse to reward anyone for using Flash.

shareef777 said:
To the already posted and the numerous up coming posts, we get it. You've moved on from flash. Good for you, continue to give yourselves a pat on the back EVERY time a patch is released. Some of us have jobs that require the use of web based apps that run on flash. Case in point: VMware. Number one virtualization platform in the enterprise. They require a web based management console, and guess what it runs on. Sure, they plan on moving to HTML one day, but until that happens I'm glad these posts exist to help keep people aware of the security risks out there.
Click to expand...

http://www.vladan.fr/esxi-free-web-client-interface/
 
  • Like
Reactions: keysofanxiety, BlueParadox and centauratlas
furi0usbee said:
1. If you MUST use Flash, just use Chrome for those instances.
2. If you MUST use Safari, Develop > User Agent > iOS can switch your flash videos to HTML5 (often)
3. I have NEVER stayed on a Flash website more than a minute, so Flash is ONLY for videos as far as I'm concerned.
4. Steps 1/2 99% solve Flash for me. I will never have it installed on my system again.
Click to expand...

You do realize you have it on your system, just integrated in the Chrome browser rather than as a separate plugin, right?

This is fine if you only use Chrome for those specific sites, akin to whitelisting those sites for Flash. But that is hardly a real solution.
[doublepost=1457708375][/doublepost]
DELTAsnake said:
I'm so close to just switching to Chrome because of it's security/updating model. I don't like Google, but they seem to have a better handle on this than other companies.
Click to expand...

Again, this is foolhardy. Chrome includes the Flash plugin. The only difference between this and Safari with the plugin is that you are dependent on the timeliness of Chrome updates to get Flash updates a few days after they happen, and that the plugin update happens as a part of the browser update process.

You are just as vulnerable to these exploits as any other user using the Flash plugin, except that you have to wait for the update to be included in Chrome to get it (which isn't a huge delay, but that delay is not a good thing).
 
  • Like
Reactions: DotCom2
I have Flash on my computer. How do I know if I need it? I'm not sure if any websites I use actually require it anymore...? I mainly use Facebook, Google Maps (Chrome), Netflix, Comcast XFINITY, and YouTube.

If none of those websites require Flash, I can just uninstall it.
 
KoolAid-Drink said:
I have Flash on my computer. How do I know if I need it? I'm not sure if any websites I use actually require it anymore...? I mainly use Facebook, Google Maps (Chrome), Netflix, Comcast XFINITY, and YouTube.

If none of those websites require Flash, I can just uninstall it.
Click to expand...


Facebook, Google maps and YouTube doesn't use it. Netflix used Microsoft silverlight for its videos but I believe they either changed to HTML 5 or in the process.
 
  • Like
Reactions: centauratlas
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back