Adobe Issues Critical Security Update for Flash Player on Mac

[canadianreader]

uninstalled years ago

 

[nt5672]

Any site that uses Flash today, does not deserve any visitors. Period. "Just say no!"

 

[Bart Kela]

I can see this thread is going to be full of the same old people who don't use it moaning about how they don't use it ad nauseum. For the rest of us we are glad that at least Adobe are providing regular updates.

And for those of who are still using Flash, this is another reminder for you to periodically review your Flash usage and decide whether or not to continue bearing the risks of using it.

You should thank Adobe for that as well.

 

[0388631]

My flash is set to auto-update and it's only used on one browser that's a portable install.

 

[lincolntran]

I can't recall the last time there's a non-critical flash update.

 

[Fall Under Cerulean Kites]

Seriously, WHO still has Flash installed, and WHY?! I’ve removed Flash completely. On the rare occasion (maybe twice in the past year) that I’ve needed to load a Flash-only web page, I’ve just clicked in Safari Develop->Open Page With->Google Chrome, as Chrome has Flash built-in.

 

[joueboy]

Here's my situation with Flash, when I need it I try different ways to get away from it. If no other option I go ahead download it just for that situation. Then after using it that day I uninstall that trash. This should have died first before SJ and he would have died peacefully.

 

[thisisnotmyname]

shocking. *eye roll*

edit: the only thing I miss about Flash is that by disabling it you used to be able to stop all the auto-play video on the internet. Now with HTML5 becoming very common the browser manufacturers have yet to provide a concrete way to stop its autoplay capability. Other than that, good riddance Flash, you've been a source of great pain to too many people for far too long.

 

[dammerl]

I wish I could join the Uninstalled Flash party, but I need the bloody thing for some rather archaic services I use at work. Maybe one day. Maybe.

Use Chrome for Flash pages. Chrome comes with its own Flash. (At least this was the case some time ago; haven’t used it recently.)

 

[KALLT]

Just don't install it and keep Chrome as a side-browser (if Safari is your main one).
Then you use Chrome's native Flash plugin which I trust more.

Chrome’s ’native’ plug-in is identical to the PPAPI version of the Flash plug-in that you can download from Adobe. The only difference is that Chrome downloads and updates it for you. It will still end up in your library as a plug-in bundle, just not in a shared location. If you have Chrome installed, then you will also have Flash installed. It makes no difference otherwise.

If you are not using Chrome already, then I see no reason why should install it just for Flash. It is a waste of space, as Chrome is much larger than the plug-in. Chrome also has the habit of being chatty with Google’s servers, so it comes at a cost for you privacy.

 

[C DM]

Seriously, WHO still has Flash installed, and WHY?! I’ve removed Flash completely. On the rare occasion (maybe twice in the past year) that I’ve needed to load a Flash-only web page, I’ve just clicked in Safari Develop->Open Page With->Google Chrome, as Chrome has Flash built-in.

Simple, those who use a site or service that still uses Flash.

 

[naeS1Sean]

Thanks for the heads up, Macrumors.

 

[silvetti]

Chrome’s ’native’ plug-in is identical to the PPAPI version of the Flash plug-in that you can download from Adobe. The only difference is that Chrome downloads and updates it for you. It will still end up in your library as a plug-in bundle, just not in a shared location. If you have Chrome installed, then you will also have Flash installed. It makes no difference otherwise.

If you are not using Chrome already, then I see no reason why should install it just for Flash. It is a waste of space, as Chrome is much larger than the plug-in. Chrome also has the habit of being chatty with Google’s servers, so it comes at a cost for you privacy.

I use Safari as my main browser "flash-free" and I almost never have any issues. If I do find any website that requires it I then decide if it's worth firing up Chrome for it or not.

This way I am more protected and less vulnerable to Flash exploits, or so I like to believe

Also for the Chrome habits I have Little Snitch with a specific set of rules

 

[KALLT]

I use Safari as my main browser "flash-free" and I almost never have any issues. If I do find any website that requires it I then decide if it's worth firing up Chrome for it or not.

This way I am more protected and less vulnerable to Flash exploits, or so I like to believe

Safari gives you control over any plug-ins you have installed, in Preferences → Security. You can choose between ‘allow’, ‘ask’ and ‘block’ and set exceptions for specific websites.

 

[MacGekko]

Adobe this week released Flash Player version 24.0.0.221 to "address critical vulnerabilities that could potentially allow an attacker to take control of the affected system," including Mac, Windows, Linux, and Chrome OS.

Mac users with Flash Player version 24.0.0.194 or earlier installed should immediately update to the latest version using the built-in update mechanism. The update is also available from the Adobe Flash Player Download Center.

Flash Player users who had enabled the option to "allow Adobe to install updates" will receive the update automatically. Likewise, Google Chrome will automatically update Flash Player to version 24.0.0.221. Select "About Google Chrome" under the Tools menu to verify the browser is up-to-date.

Adobe said the critical security update resolves integer overflow, memory corruption, type confusion, heap buffer overflow, and use-after-free vulnerabilities that could lead to code execution. The vulnerabilities were reported by security teams from Google, Microsoft, Palo Alto Networks, and Trend Micro.

Safari on macOS Sierra deactivates Flash by default, only turning on the plug-in when user requested. Chrome, Firefox, and most other modern web browsers also have web plug-in safeguards in place due to repeated security risks. Adobe has released fifteen Flash Player security updates over the past year.

In 2010, Apple co-founder Steve Jobs shared his "Thoughts on Flash," in which he favored open web standards such as HTML5 over Adobe Flash. Jobs said Flash Player was "the number one reason Macs crash," while criticizing its performance on mobile devices. "Flash was created during the PC era - for PCs and mice," he opined.

Article Link: Adobe Issues Critical Security Update for Flash Player on Mac

ALERT: For those who use Flash on Chrome, check your Flash version, I thought I was updated automatically through the Chrome update, but after I read this article I checked and Flash had not been updated since mid December, bad job by Chrome.

http://www.computerworld.com/article/3170155/internet/how-to-immediately-update-flash-in-chrome.html

 

[SeattleMoose]

Took out the trash 2 years ago...never looked back.

 

[MacGekko]

I can see this thread is going to be full of the same old people who don't use it moaning about how they don't use it ad nauseum. For the rest of us we are glad that at least Adobe are providing regular updates.

So true, does anyone care if you don't use Flash, if you want to use the web version of Spotify, you need Flash, don't forget to read this article.

http://www.computerworld.com/article/3170155/internet/how-to-immediately-update-flash-in-chrome.html

 

[silvetti]

ALERT: For those who use Flash on Chrome, check your Flash version, I thought I was updated automatically through the Chrome update, but after I read this article I checked and Flash had not been updated since mid December, bad job by Chrome.

http://www.computerworld.com/article/3170155/internet/how-to-immediately-update-flash-in-chrome.html

No idea what that guy means but my Chrome shows latest flash plugin:

 

[MacGekko]

No idea what that guy means but my Chrome shows latest flash plugin:

Article is self explanatory, in some cases even though Chrome is "up to date", Flash is not updated to the latest version, in your case it was updated, great.

 

[lostczech]

I would love to uninstall Flash for good, but Pandora and Google Play Music require it..

 

[JGRE]

Removed flash last year never missed it for a second, just waiting to remove Silver Light and Java as well. Sadly my cable provider used Silverlight for the TV app, no idea why. Would have to check what uses Java besides Minecraft (my son uses sometime).
[doublepost=1487354700][/doublepost]

No idea what that guy means but my Chrome shows latest flash plugin:

Don't use Chrome, problem solved.

 

[jamesnajera]

Tip, if you need Flash, only use it in Chrome. Do not install Flash on the OS/Safari. This way you can use Safari without Flash and for those rare occasions when a website requires Flash, copy the URL and load the site in Chrome.

 

[silvetti]

Don't use Chrome, problem solved.

I don't think you read my post correctly

 

[cerote]

I wish I could join the Uninstalled Flash party, but I need the bloody thing for some rather archaic services I use at work. Maybe one day. Maybe.

Same. Actually they switched an big part of work to flash last year and I am not sure who the hell thought that would be good idea. Even more so with the amount of diverse coders we have in our company.

 

[zoomos]

Just updated chrome and they removed the option in chrome://plugins to disable flash, some deal they made with adobe?

Anybody else confirm this and is their a work around, renaming the pepperflash plugin still tries to load it rather then the html5 player.

EDIT:
Found this.
chrome://flags/#prefer-html-over-flash and you enable it. Hopefully it fixes it.