The IT Nerd

I mentioned that there were new security related flaws in Adobe Flash that were actively being exploited earlier this week. Fixes for those flaws are now available as per this document from Adobe. I would suggest that you update your copy of Flash right now. Though the better course of action is to dump Flash and never look back. You’ll be better off if you do that.

You might recall that I warned you about a vulnerability in Adobe Flash that was being actively exploited in the wild. Though, there are so many vulnerabilities in Flash that it’s likely hard to keep track of them. In any case, Adobe has released patches to address these issues.

My advice is what you usually hear whenever I discuss Flash exploits. If you still use Flash, download these updates now. But you’re better off dumping Flash altogether as it will make your computer far more safer seeing as Adobe can’t seem to make Flash secure.

Stop me if you’ve heard some version of this before.

Adobe has announced that will shortly release a patch to kill a Flash exploit that is being used as we speak. This exploit affects Flash Player version 20.0.0.306 and older for Windows, OS X, Linux, and Chrome OS. Windows 7 and Windows XP users are being actively targeted by malware writers exploiting the flaw which is what made Adobe rush to fix this. Now, if you’re running a version of Flash later than 21.0.0.182, then a mitigation for the attack is already in place.

One has to wonder exactly when the moment will come where people get tired of installing patch after patch to mitigate the ongoing security nightmare that Adobe Flash is and simply dump it once and for all. Take it from me. You don’t need Flash. So dump it now and thank me later.

It’s really getting tiresome to hear Adobe to keep putting out emergency fixes for that highly insecure plug in known at Adobe Flash. Here’s what they said:

Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-1010 is being used in limited, targeted attacks

So, you know the drill. Download the latest version of Flash and protect yourself. Or better yet, you should dump Flash. It’s proving to be a security nightmare and you don’t need the hassles that this rather insecure plug in creates.

I took the time period around Christmas off to do some non-nerdy stuff and came back to work to find an Adobe Security Bulletin that warns of a threat that Flash users are all too familiar with:

Adobe has released security updates for Adobe Flash Player.  These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Adobe is aware of a report that an exploit for CVE-2015-8651 is being used in limited, targeted attacks.

Lovely. It is clear that Flash is a secure as ever. Which means it isn’t secure. Thus the usual advice applies. If you must run Flash, update now. But if you want to stay safe, remove Flash from your system and sleep better at night as a result.

A blog post on Adobe’s website is announcing that From January 2016, Adobe Flash Professional which is Adobe’s main authoring tool for Flash animations will be renamed to ‘Adobe Animate CC’. Here’s what the company had to say on that front:

Today, over a third of all content created in Flash Professional today uses HTML5, reaching over one billion devices worldwide. It has also been recognized as an HTML5 ad solution that complies with the latest Interactive Advertising Bureau (IAB) standards, and is widely used in the cartoon industry by powerhouse studios like Nickelodeon and Titmouse Inc.

Animate CC will continue supporting Flash (SWF) and AIR formats as first-class citizens. In addition, it can output animations to virtually any format (including SVG), through its extensible architecture.

One has to wonder if this is being done to make us begin to forget what a security mess that Adobe Flash is? In other words, is this the beginning of a re branding exercise? I say stay tuned and we’ll find out together.

You might recall that earlier this week a critical Adobe Flash flaw with no known fix was disclosed. Adobe to their credit have now come out with a patch for this flaw. If I were you and still for whatever bizarre reason running Flash, you should install right now.

Here’s the deal. This patch is going to protect you until the next flaw comes out. Then that will get patched, and the merry go round starts again. The fact is that Flash isn’t secure, and if you run it you are at risk. Do yourself a favor and dump Flash. You’ll be more secure. Oh, if it helps you to make the call on whether to keep Flash or not, here’s another fact. If you use Google Chrome, this exploit bypasses the sandbox that Google has created to stop Flash related exploits from harming you. I guarantee you that this will not be the last exploit that does this. That should REALLY scare you.

If you think that you’re safe because you updated your copy of Adobe Flash yesterday, think again.

Researchers from Trend Micro report a new attack on fully-patched versions of Adobe Flash. The attacks come from an espionage campaign run by a hacking group known as Pawn Storm, and seem to target only government agencies according to ARS Technica. What’s worse is that at present there is no known defense against it. Adobe is aware, and it would not surprise me if an emergency fix is out in the next few days. But this simply reinforces the fact that Adobe Flash does more harm than good and should be removed from your system to keep you safe.

If you still for whatever reason have Adobe Flash installed on your computer, you need to update your copy now. Adobe Security Bulletin APSB15-24 documents a huge list of “critical” Adobe Reader and Acrobat flaws for which the company has issued yet another set of patches. All the flaws could ” potentially allow an attacker to take control of the affected system.”

Lovely.

These flaws affect people on all platforms. Mac, Windows, it doesn’t matter. Thus if you still have Adobe Flash, you should update ASAP. Or if you really want to be safe, just dump Flash. You’ll be better off for it.