Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Adobe Releases Critical Security Update for Flash Player on Mac

C DM said:
Not necessarily all that doable if let's say your bank uses a site like that or some site that you need to use for work does or something like that.
Click to expand...
I am being serious here. If your bank requires you to have questionably secure software on your machines, switch banks.
 
  • Like
Reactions: pat500000
Every time I check that box to "install updates automatically", and every…single…time it never automatically updates. I can't wait until I can stop using this completely at work. Sometimes I have to do B.S. training modules and crap for various compliance issues and it's all in Flash. My personal Mac doesn't have Flash installed. Isn't Google also blocking Flash from working in a future version of Chrome or something?
 
  • Like
Reactions: S G
err404 said:
I am being serious here. If your bank requires you to have questionably secure software on your machines, switch banks.
Click to expand...
Sounds all good in theory and principle, too bad reality doesn't quite function on those.
 
  • Like
Reactions: Ener Ji
C DM said:
Not necessarily all that doable if let's say your bank uses a site like that or some site that you need to use for work does or something like that.
Click to expand...
If a bank uses flash, I certainly do not want to do business on-line with them. And for work, it's their computer and if they want to have a huge security hole and terrible performance I guess that is their problem. (BTW, at my work, we do not have flash based apps because we realised the threat it was a long time ago).
 
  • Like
Reactions: TiquanS, tonyr6 and Romey-Rome
C DM said:
And if you need to for whatever reason (banking, work, something else)?
Click to expand...
In all seriousness, I'm sorry if you have some stuff like that. Personally, I haven't had Flash installed on my machine in more than two years, and I've found that it's pretty simple to just avoid sites that require Flash.
 
I kinda thought Adobe only made updates to Flash unless it is critical at this point. Why would they still be working on "improving" that thing?

I just wish there was a way to stop ALL auto-start video/ads/etc in Safari.
 
In case some are lapsing into complacency, HTML5 is not, and never will be, bullet proof. I'm not suggesting that the two's vulnerabilities (Flash and HTML5) are equal, but am suggesting to not overlook HTML5's current (and to keep an eye on its future) vulnerability status --
[...]In fact, HTML5 has security issues of its own. Julien Bellanger, CEO of application security monitoring firm Prevoty, says HTML5 makes security more complex, not simpler. HTML5 security has been a question mark for years, and it has not improved over the stretch, he says.[...]
Among the risks that HTML5 brings, according to Bellanger:

  • Canvas image-rendering exploits, which can cause buffer overflows that a hacker could then use to inject code into the session
  • Cross-site scripting, where intruders can steal information from a session in the browser
  • SQL injection, where a malicious query is used to extract information from a database in the browser
  • Cross-site request forgeries, where a user token is taken over to impersonate a user on the Web
The use of HTML5 also exposes more of what's on the computer or mobile device, such as local storage and device location, says Dan Cornell, CTO of cyber security consultancy Denim Group. "Because HTML5 applications can access these facilities, there is an opportunity for abuse," he says.[...]

"The problem we have is that browsers are inherently insecure," says Kevin Johnson, CEO at IT security consulting firm Secure Ideas. For example, HTML5 offers no secure sandboxing protection, such as what Flash can have in the Chrome browser, he notes.

"Another issue we have that we are adding significant complexity to HTML5 without adding the same level of control to the user," Johnson says. At least with Flash, users can turn it off. But they can't turn off HTML.[...]
Click to expand...
http://www.infoworld.com/article/2956193/html5/sick-of-flash-security-holes-html5-has-its-own.html

The future might be better but bad actors do adapt.
 
err404 said:
I am being serious here. If your bank requires you to have questionably secure software on your machines, switch banks.
Click to expand...

So you're saying it's a religious crusade. Right-thinking people should not associate with anyone who uses Flash, no matter how inconvenient and time consuming avoiding them may be.
 
  • Like
Reactions: BlandUsername
IJ Reilly said:
So you're saying it's a religious crusade. Right-thinking people should not associate with anyone who uses Flash, no matter how inconvenient and time consuming avoiding them may be.
Click to expand...
Spin it however you want. The fact of the matter is that Flash has been shown for a decade to be among the most dangerous software you can have on your machine. If my bank knew this and did not care, I would loose trust in that bank.
Besides the quality of the online experience of my banking is important to me. A bank requiring Flash, is not investing in that experience.
Also if their front end is bad, how can I trust that the back end NPI is secure?
 
  • Like
Reactions: 2457282
ArtOfWarfare said:
I know everyone else says that Flash isn't necessary... and normally I'd agree with you all... but I have a Mac Mini running Snow Leopard hooked up to my TV. Up until a few weeks ago, I used it to stream HBO.

Then HBO decided that I needed a newer version of Flash to be allowed to use their website, and I discovered Flash wasn't supporting Snow Leopard with current versions anymore.

Does anyone know what the best way out of this situation is? Is there a way to force newer versions of Flash to run on Snow Leopard? Can I force HBO to load on a newer version of Flash? Or should I just upgrade the Mac Mini to Lion? I have the installer already on the computer and I have 2 GB of RAM so can install it... but I just recall Lion as being way worse than Snow Leopard when it comes to performance, so I wasn't actually planning on installing it ever...




Your post + your signature go together beautifully.
Click to expand...
Why? Because the Mac faithful might not need it they deem it’s useless to you also and that they must be right.
 
  • Like
Reactions: JackANSI
I still remember the times when friends who had android would tautly ask me, "Does your iPhone play flash???" I always just shook my head at that very irrelevant question..
 
ArtOfWarfare said:
I know everyone else says that Flash isn't necessary... and normally I'd agree with you all... but I have a Mac Mini running Snow Leopard hooked up to my TV. Up until a few weeks ago, I used it to stream HBO.

Then HBO decided that I needed a newer version of Flash to be allowed to use their website, and I discovered Flash wasn't supporting Snow Leopard with current versions anymore.

Does anyone know what the best way out of this situation is? Is there a way to force newer versions of Flash to run on Snow Leopard? Can I force HBO to load on a newer version of Flash? Or should I just upgrade the Mac Mini to Lion? I have the installer already on the computer and I have 2 GB of RAM so can install it... but I just recall Lion as being way worse than Snow Leopard when it comes to performance, so I wasn't actually planning on installing it ever...




Your post + your signature go together beautifully.
Click to expand...

It would require a hardware purchase but I'd recommend just picking up an Apple TV. I use their app on the Apple TV and it works great. Plus it's more compact, less power draw, OS is intended to be operated entirely by remote, etc...

It's a great little product and removes that Flash issue for a couple hundred dollar investment.
[doublepost=1476291100][/doublepost]
C DM said:
And if you need to for whatever reason (banking, work, something else)?
Click to expand...

I do business with one financial institution that has a Flash based web site. They also have an app though so I installed it instead (and logged a complaint about their reliance on Flash on the web site). Otherwise if I hit a site that uses Flash I just hit the back button and search for an alternative.
 
  • Like
Reactions: BeefCake 15
ArtOfWarfare said:
I know everyone else says that Flash isn't necessary... and normally I'd agree with you all... but I have a Mac Mini running Snow Leopard hooked up to my TV. Up until a few weeks ago, I used it to stream HBO.

Then HBO decided that I needed a newer version of Flash to be allowed to use their website, and I discovered Flash wasn't supporting Snow Leopard with current versions anymore.

Does anyone know what the best way out of this situation is? Is there a way to force newer versions of Flash to run on Snow Leopard? Can I force HBO to load on a newer version of Flash? Or should I just upgrade the Mac Mini to Lion? I have the installer already on the computer and I have 2 GB of RAM so can install it... but I just recall Lion as being way worse than Snow Leopard when it comes to performance, so I wasn't actually planning on installing it ever...
Click to expand...

Well, I just installed the Flash update and it seems to work fine on my MacBook running Snow Leopard.
 
philosopherdog said:
Why are people still using this? Uninstall it. You don't need it anymore.
Click to expand...
You know, Google Finance, Facebook videos, and just about every video news site (unfortunately) still use it.

Edit: TD Ameritrade's site still uses Flash for some advanced features like Trade Architect. It's not exactly trivial to redo those things in HTML and JS.
 
Last edited:
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back