Roger Fingas
Adobe has issued a new set of security updates for its Flash Player plugin, dealing with serious vulnerabilities that could allow a hacker to take control of a targeted computer.
For Mac owners, the updates include Flash Player Desktop Runtime 23.0.0.185, Flash Player Extended Support Release 18.0.0.382, and Flash Player for Google Chrome 23.0.0.185. Matching fixes are available for people using Flash on Windows or Linux.
The updates can downloaded using either Flash's included update tool or the Adobe website.
Modern browser makers have increasingly veered away from Flash, which while once useful for games, video, and animation, has largely been supplanted by other technologies — namely HTML5 — that pose less of a security threat. For a number of years Flash was one of the main vectors for attackers, forcing Adobe to issue regular patches.
Apple escalated its position against Flash with last month's debut of macOS Sierra. The plugin is disabled by default in Sierra's version of Safari, forcing people to manually activate whenever they encounter a webpage asking for it. Java, Silverlight, and even Apple's own QuickTime are treated the same way.
Charles Martin
Amber Neely
Sponsored Content
AppleInsider Staff
Malcolm Owen
Oliver Haslam
28 Comments
HTML 5 is the way to go! And new and faster java support for modern browesers!
Quo usque tandem?
Unfortunately, website still require it.
Unfortunately, Apple's decision to set Flash as disabled by default has an unintended consequence. HTML5 allows - and Safari enables - an autoplay option on videos. Other browsers such as Chrome and Firefox allow the user to set this to disabled. Websites (I'm looking at you, CNN) are defaulting all videos to autoplay to drive up their traffic numbers.
Previously, you could trick the site to use Flash but then use ClickToFlash etc to not autoplay the videos.
Flash is an incredible pile of dung.
With that nummer of fixes the complete sourcecode must be rewriten 10 times or more. They must have incredible bad programmers to still have errors like this.
Its best for everyone involved to zap the source and never build it again.