Never miss an update Follow AppleInsider
Friday, May 04, 2012, 11:46 pm
Adobe issues emergency update to fix cross-platform Flash exploit
Adobe on Friday released a security bulletin that announced an emergency update that affects all versions of its Flash Player, though it seems the exploit is currently being used to target Windows PCs running Microsoft's Internet Explorer .Dubbed an "object confusion vulnerability," the bug tricks a user into opening a malicious file sent in an email message which can cause Flash to crash, potentially giving the attacker control of the affected PC.
First reported by Microsoft Vulnerability Research, the bug resides in Flash Player code for Windows, Mac, Linux and Android, though Adobe claims that the exploit being used only targets Internet Explorer for Microsoft's OS. Users who installed Flash on Google Chrome are unaffected as the browser updated automatically.
"Adobe recommends users of Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 11.2.202.235," Adobe said in the bulletin. "Users of Adobe Flash Player 11.1.115.7 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.8. Users of Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.9."
Source: Adobe
While Windows users who have selected the "silent update" option will receive the update automatically, those who did not or are running Flash 10.3.x or later for Mac must manually install the fix from within the program. To verify that the latest version of Flash is installed, users must navigate to the "About Flash Player" page or right-click on content running Flash within a webpage. Each browser on a given computer should be checked.
On Topic: General
- In-cell touch panel tech projected to remain a unique differentiator for Apple devices
- Apple patent chief departs amid major ongoing IP lawsuits
- Steve Jobs discusses his legacy in rare 1994 video interview
- Solar charging stations with Apple Lightning & 30-pin connectors come to New York
- Briefly: Jony Ive's title at Apple shortened to 'SVP of Design'
Previous Comments View All
Seems like I read about a flash exploit every 2 days. Fucking amazing. The sooner the platform is completely dead and irrelevant, the better. Not sure where we'd be without Apple who dealt it some fatal blows. SJ was completely right to keep flash off iOS.
Hilariously, this same headline could have been run any time over the past 12+ years. I guess people just can't get enough of Internet Explorer.
Seems like I read about a flash exploit every 2 days. Fucking amazing. The sooner the platform is completely dead and irrelevant, the better. Not sure where we'd be without Apple who dealt it some fatal blows. SJ was completely right to keep flash off iOS.
If HTML5 wasn't such a pain in the ass to develop, Flash would be irrelevant, except for a few nice features that are unique to Flash and Java.
HTML5 compared to Flash is like building your own electric vehicle and your own solar panel which takes 12 hours of sun to charge the battery so you can drive 20 miles an hour with a range of 10 miles.
But what the heck, it doesn't require any gasoline so it must be better.
If HTML5 wasn't such a pain in the ass to develop, Flash would be irrelevant, except for a few nice features that are unique to Flash and Java.
HTML5 compared to Flash is like building your own electric vehicle and your own solar panel which takes 12 hours of sun to charge the battery so you can drive 20 miles an hour with a range of 10 miles.
But what the heck, it doesn't require any gasoline so it must be better.
Its a hell lot better than digging miles deep for oil, wait days to refine it into gasoline than falling into the hole.
Its a hell lot better than digging miles deep for oil, wait days to refine it into gasoline than falling into the hole.
Well to continue with the car analogy, I look at Flash as the SUV of the web. It is irresponsible to use it to commute to work everyday all by yourself when there is perfectly good public transportation, but rather nice to have when you want to take the family camping or to the beach, load it up with groceries or gardening supplies from Home Depot. As far as HTML5 or Flash is concerned I'd rather not have anything moving around on my web page anyway, unless it served a purpose. I like to point to the Google finance app as a useful implementation of Flash. The rest of the time I just need static images and text.
I've found a compromise for my Mac. I install Flash, then sandbox it in one web browser, iCab. The rest of my applications behave as though Flash isn't installed.
You have to put the two pertinent plug-ins into a Plugins folder in iCab. Here's what I do in Terminal.
sudo mkdir /Applications/iCab.app/Contents/Plugins cd /Applications/iCab.app/Contents/Plugins sudo mv /Library/Internet Plug-Ins/Flash Player.plugin . sudo mv /Library/Internet Plug-Ins/flashplayer.xpt .
You can also do the same for the Silverlight plug-in if it's installed on your system.
sudo mv /Library/Internet Plug-Ins/Silverlight.plugin .
That's it. All your other apps will look for Flash in the /Library/Internet Plug-Ins folder. Since it's not there, they assume it's not installed.
iCab itself will load the plug-ins in the main Library as well as whatever is in its own folder.
It turns out that most of the websites I normally access behave just fine without Flash. I end up firing up iCab maybe once or twice a month for a few minutes. Maybe a year ago, I was doing it a couple times a week, but as the iPad grows in popularity, more and more site operators seem to be getting the message and are moving away from Flash.
Seems like I read about a flash exploit every 2 days...
yeah, right. No hyperbole there.
I remember the 15 from last month (oh, wait, that was Safari)
Die flash, die!
Ah, the trolls rear their ugly heads...
Latest Apple Headlines
-
Apple releases first OS X 10.8.5 Mountain Lion beta to developers
~10 minutes ago -
New patent lawsuit targets Apple over iPhone 5's call forwarding feature
~2 hours ago -
Parallels Desktop 8 updated to support Apple's OS X Mavericks
~2 hours ago -
Researchers crack default iPhone Personal Hotspot passwords in under a minute
~3 hours ago -
Apple wins $30 million iPad contract from LA school district [u]
~4 hours ago - more...
Want to write for AppleInsider? Submit your application now!
Lowest Prices Anywhere!
| Model | Price | You Save |
|---|---|---|
| 11"1.3GHz/4GB/128GB | $964.18* | $34.82 |
| 11" 1.3GHz/8GB/128GB | $1,061.18* | $37.82 |
| 11" 1.3GHz/8GB/256GB | $1,255.18* | $43.82 |
| 11"1.7GHz/8GB/128GB | $1,206.68* | $42.32 |
| 11"1.7GHz/8GB/256GB | $1,400.68* | $48.32 |
| 11" 1.7GHz/8GB/512GB | $1,691.68* | $57.32 |
| 13" 1.3GHz/4GB/128GB | $1,061.18* | $37.82 |
| 13" 1.3GHz/4GB/256GB | $1,255.18* | $43.82 |
| 13" 1.3GHz/8GB/256GB | $1,352.18* | $46.82 |
| 13" 1.3GHz/8GB/512GB | $1,643.18* | $46.82 |
| 13" 1.7GHz/8GB/256GB | $1,497.00* | $52.00 |
| 13" 1.7GHz/8GB/512GB | $1,788.68* | $60.32 |
* price with Promo Code:
APPLEINSIDER01
|
||
| Click for even more configurations | ||
| Model | White | Black | |
|---|---|---|---|
| iPad mini (WiFi only) | |||
| 16GB WiFi |  |
$329.00 | $329.00 |
| 32GB WiFi | |
$429.00 | $429.00 |
| 64GB WiFi | |
$529.00 | $529.00 |
| iPad mini (WiFi + 4G) | |||
 |
 |
 |
|
| 16GB 4G White | $459.00 | $459.00 | $459.00 |
| 32GB 4G White | $559.00 | $539.99 | $559.00 |
| 64GB 4G White | $659.00 | $659.00 | $629.99 |
| 16GB 4G Black | $459.00 | $459.00 | $459.00 |
| 32GB 4G Black | $559.00 | $539.99 | $539.99 |
| 64GB 4G Black | $659.00 | $659.00 | $629.99 |
When is FLASH not a problem?
When it's not installed...