Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Adobe Issues Critical Security Update for Flash Player on Mac
- Thread starter MacRumors
- Start date
- Sort by reaction score
Yes.
[doublepost=1487366017][/doublepost]
If you don't use it, why are you whining about it?
And the whole critical verbiage?
That is boilerplate.
I'd enable autoupdate if I weren't afraid of the autoupdater itself also being vulnerable, plus Adobe is infamous for having crappy background processes. So I just selectively enable it for sites I trust and never update.
Also, I'm pretty sure the updates make it slower too since whatever old version of Flash I had used to run fine on my 1998 Pentium II laptop. If it used the same resources today as back then, it would use way less energy than HTML5!
[doublepost=1487368929][/doublepost]
Also, I'm pretty sure the updates make it slower too since whatever old version of Flash I had used to run fine on my 1998 Pentium II laptop. If it used the same resources today as back then, it would use way less energy than HTML5!
[doublepost=1487368929][/doublepost]
Every time there's an update, someone asks this, and I respond: Google, Facebook, and the biggest news sites all use Flash. I'd uninstall it if I could.
He was and the entire computer using world owes him a great deal of thanks for talking about that elephant in the room. Everyone was so pissed then. Now we can't wait until sites are completely flash free -- yes, that includes you Tickets.com and Ticketmaster.
[doublepost=1487371884][/doublepost]
Should be "any web developer that still designs with flash is making the world a worse place." Unfortunately there are still major sites where flash is required for full functionality.
People should stop visiting them. There's not a single site on the internet some absolutely positively has to see. If a business has locked its paid product behind flash, it needs to fail.
Really? What if someone's bank is using Flash and there's no alternative to it as far as using their bank online? What if some tool related to someone's job is in Flash? Something else along those lines? Can't really just speak for everyone and everything saying that there's nothing at all out there that someone can just go without easily use to avoid using Flash. Utopian ideas are wonderful and all, but reality is reality.
Yeah, I was thinking the same thing as every time I tried to remove it, half the sites I went to didn't work or lost their video capability, etc. (even MacRumors would whine about it missing at one point as I recall for some feature or another).
But then I just realized I removed Flash a few months ago when I got sick of daily updates (there must be more security holes in Flash than Windows 98 and XP combined given the rate of security updates over the years) and didn't even realize it wasn't on here. Either I don't surf much anymore (likely) or it's not as bad as it used to be (probably a bit of both).
It never ceases to amaze me how so many people think the entire world revolves around them and everyone likes what they like and does what they do and if they don't, it's LECTURE, SHAME and SARCASM time!
OMG OMG OMG! That guy is driving a gas guzzling polluting Ferrari! OMG! He's like so destroying the environment! He should like get a Prius! Yet I suspect they're really thinking "God, please make me rich so I can move out of my parents' basement and stop borrowing my mother's Prius, but like let me win the lottery or something because i don't want to do any real work, just spend my day updating my status on Facebook."
Last edited:
By not having Flash installed, and having it inaccessible from my main browser, arbitrary code injection and execution from rogue sites is not possible. I can then consciously make a decision to launch Chrome and use the embedded sandboxed Flash player for a particular site that requires it. I needn’t have to worry about browsing to a new site and having it launch Flash. Why not leave Flash disabled in Safari and only enable it when needed for a site you ask? Because if Flash is installed and disabled, the remote site will detect it is installed, load the Flash version of the page, with all of the disabled Flash boxes all over the place. If Flash isn’t even installed, the remote site will not find it and will serve the non-Flash page.
[doublepost=1487381059][/doublepost]
It never ceases to amaze me how so many people think the entire world revolves around them and everyone likes what they like and does what they do and if they don't, it's LECTURE, SHAME and SARCASM time!
OMG OMG OMG! That guy is driving a gas guzzling polluting Ferrari! OMG! He's like so destroying the environment! He should like get a Prius! Yet I suspect they're really thinking "God, please make me rich so I can move out of my parents' basement and stop borrowing my mother's Prius, but like let me win the lottery or something because i don't want to do any real work, just spend my day updating my status on Facebook."
Um, it’s not about being cool, or shaming, or being a milleneal. It’s about common sense. Did you know that 80% of the top 10 vulnerabilities used by exploit kits in 2015 were in ……. wait for it …. wait ……. FLASH! (source: https://www.recordedfuture.com/top-vulnerabilities-2015/) See? Common sense.
And I have no clue about the gas mileage the average Ferrari gets, but my Huracan averages 20 on the highway. ;-)
[doublepost=1487381148][/doublepost]
Most sites no longer need Flash. They will typically the same content by alternate means. Should you really need flash however, you can load the page in Chrome with has secure, sanboxed Flash embedded.[/QUOTE]
Last edited by a moderator:
I don't want to install Chrome. Safari blocks Flash by default, and I can whitelist sites that I know are safe, plus there's Click2Flash on top of that so I can make sure I only load what I want, so I'm good.
[doublepost=1487384343][/doublepost]
Safari sandboxes the Flash player too. Can't say which sandbox is safer, but I wouldn't trust either of them fully.
Last edited:
technology is so so hard to really get rid of... am sure there are still people using floppy discs somewhere. my stepfather still uses a 1st gen radio shack tractor feed dot matrix printer with the ribbon tape to print paychecks for his restaurant. the hardest part was finding and installing an old centronics parallel port card and finding a functional driver for it when he finally just upgraded from a pentium running winXP to a bargain bin acer desktop running Win10 this christmas. he has a closet full of ribbons so has no plan on ever retiring it.
Is there a difference between exploitable and actual harm done? Let's see. According to Kaspersky, for 2016 (https://kasperskycontenthub.com/sec...sky_Security_Bulletin_2016_Statistics_ENG.pdf), Flash represents a mere 8% of actual cyber attacks monitored, while Internet Explorer exploits registered 50% and the Android OS was 21%. In 2013, Java registered a whopping 90% of actual attacks they monitored (https://securelist.com/analysis/kas...ty-bulletin-2013-overall-statistics-for-2013/). By operating system, in 2015 financial malware was 92% Windows and 8% Android. In 2016, it's 36% Android, 64% Windows.
And yet in terms of a vulnerable OS, in 2014, OS X ranked #1 for most vulnerabilities (https://techtalk.gfi.com/most-vulnerable-operating-systems-and-applications-in-2014/) and yet in reality, it represents almost 0% actual attacks because there is little incentive to attack an OS used by less than 7% of the planet while Android is over 80% of all mobile (iOS is less than 20% these days; 17.7% at last count).
Thus, it's hard not to conclude that vulnerability and exploit-ability don't statistically matter much in the real world where hard financial gain comes from Android and Windows trojans and Internet Explorer browser exploits. I've heard of exactly one ransomware on the Mac and it was shut down by Apple. Viruses are non-existent on the Mac but Symantec has accrued over 17 MILLION virus signatures for various versions of Windows over the years (Classic Mac OS had about 40 known viruses. I have been unable to locate a SINGLE known virus for OS X in a recent search and yet OS X had FAR more known OS vulnerabilities than Windows in that techtalk article from 2014).
So ultimately, how dangerous is Flash on a Mac that we can bring "common sense" into the fold over usability of the Internet? Kept up-to-date, I don't know that I've ever heard of anyone losing data or money from using Flash on a Mac. I'm not saying it hasn't happened, but I don't know where to find such a statistic. I, however, have had "ID" data stolen from everything from a state IRS database (yes the whole state was hit) to various job related stored information in various company databases to several credit card company attacks, NONE of which had anything to do with me other than having that credit card or that job or living in that state. I'm forced to change a password at work at regular intervals that is over 15 mixed characters long even though no one has ever hacked into our computers and for what I'm using the computer for NO ONE ever would WANT to hack it (there's nothing there to find what-so-ever in my account). My bank (where I might want a ridiculously long and complex password) won't even allow that large a password by comparison! Companies place ridiculous requirements on unimportant crap and yet have gaping holes the size of a planet on their Internet connected servers that hackers just regularly RAID them for whatever (Yahoo has had what? Three huge attacks now that they only decided to reveal in the past year?)
Chrome itself is spyware (unless you don't mind Google monitoring everything you do to target you for advertising and whatever else they might want to store/know about you). Besides, "Most" is tentative and selective. Most sites aren't video sites. Most sites aren't necessarily what a given person visits since "most" covers everything there is. Until this past year or so, I found removing Flash entirely detrimental to viewing a number of sites' content I wanted to view and I refuse to use Google's spyware browser (that is not very customizable to boot). If I had ditched Flash when Steve Jobs suggested we all ditch it, I would have had a very hard time on a very large number of web sites. It is only in the past year that I've found I haven't run into huge problems browsing without Flash at home.
Don't get me wrong. I despise Flash itself. But choosing between losing content and ditching Flash has always been a tough decision and I'm not convinced that ever more complex browsing standards don't have down sides as well. Just try to visit a site like Forbes with an ad-blocker. They know you're using it. You have to essentially get an anti-ad-blocker blocker to visit it without giant full page obtrusive ads in your face. How many sites have I had to disable Javascript to keep it from disabling basic browser functions like the right-context menu (they don't want you saving a photo or whatever). In the old days, those endless pop-up windows (that tried to freeze your computer by opening 2000+ windows) were extra fun to deal with. I don't like the fact that a browser can even OPEN another browser window on its own, let alone tell sites I have an ad blocker installed when they ask or block functions because the site wants it to. Who are they serving, the user or every corporation that wants to force you to watch ads to see what time it is?
[doublepost=1487388505][/doublepost]
I dunno, people that don't want Google's spyware called Chrome on their computer perhaps?
No doubt Google saves everything, but if you turn off all of its phone-home features, is there any evidence Chrome still phones-home?
Uninstalled it. Too risky and why should anyone need it or use it today?
If a website insists on me installing it I leave and I don't return.
Thank you Steve, for stabbing it in the back all those years ago.
"Thoughts on Flash"
If a website insists on me installing it I leave and I don't return.
Thank you Steve, for stabbing it in the back all those years ago.
"Thoughts on Flash"
I don't know about you, but I haven't found advanced HTML5 and JavaScript features on websites any more efficient than Flash. It's all hacky garbage that gobbles my CPU cycles and RAM. Especially the videos. I load with QuickTime whenever possible. Only reason I hate Flash more is it's a proprietary standard, which ought to be an oxymoron.
It seems like every other week there is a "critical security update" for flash player. I don't think Adobe is even trying to put out something good...
Those companies who still refuse to abandon Flash should be boycotted, maybe then they get the message.
Those companies who still refuse to abandon Flash should be boycotted, maybe then they get the message.
Unfortunately there are still businesses who insist on using it - my current employer insists on having all their media assets for their training courses delivered through a website which uses Flash. It is amazing how much Microsoft has jumped into embracing web standards and I hope that Apple get their act together and start supporting HEVC, VP9, VP8, Opus and AV1 along with other standards such as WebRTC and more because right now Safari is looking a lot like Internet Explorer based on how far behind when it comes to embracing new web standards.