Sophos Cloud Optix
Dear Adobe Flash, you will not wear me down.
I will never, ever, ever tire of writing these words:
Remove your Flash player and, if for some reason you can’t or won’t (because… I don’t know… maybe your laptop is encased in concrete or your grip on life is maintained by an iron lung that only runs in the Flash player) then you should update your Flash player to the latest version.
I won’t tire of writing these words because, despite the grinding relentlessness with which they’re necessary, they remain important.
Critical Flash updates may be as regular as clockwork and as boring as dirt, but so long as Flash lives and criminals are exploiting it we have to stay on top of them. Even if you’ve taken the sensible step of removing it from your own machines, you may have friends and family who have not.
Taking an active interest in Flash updates doesn’t just protect you from malicious websites that exploit Flash bugs either. Familiarity with the process of updating, how updates arrive and the version you’re supposed to be running also makes it easier to spot the fake Flash updates that are so popular with malware peddlers too.
This month’s critical update fixes a type confusion vulnerability that can lead to arbitrary code execution, and it’s rated by Adobe as priority 2, meaning that “There are currently no known exploits”.
That’s good news – it means that, unlike February and June this year where a vulnerability was fixed after criminals had already begun to exploit it, you get to fix the roof while the sun is still shining.
You still have to fix it though.
The bug exists in all versions of Flash up to 30.0.0.113 and you need version 30.0.0.134 for the fix.
The Flash players bundled with Google Chrome, Microsoft Edge, and Internet Explorer 11 for Windows 10 and 8.1, will get it automatically.
Adobe advises that everyone else should update “via the update mechanism within the product” or by getting a freshly minted copy of its player from the Adobe Flash Player Download Center.
I advise that if you can live without it, do.
After a quiet few months, July’s Patch Tuesday update from Adobe also saw Adobe Acrobat delivering an eye-catching “hold my beer” to its beleaguered stablemate with no fewer than 53 critical bugs fixed, and a bunch of others besides.
Adobe advises that its Acrobat and Acrobat Reader products should update themselves but you can find instructions on how to update them manually, or in managed environments, by following the instructions in the security bulletin.
Is adobe
– bad at writing secure code
– responsible for two (or more) popular apps that are no more likely (per installation) to be insecure than others?
Should we be wary of other Adobe applications
The real problems seem to be with its plugin products – Flash has all the challenges of securing the browser (and more, because it *isn’t* the browser and doesn’t get the love and community spirit of the browsers)…
I suppose that the hassle Adobe has is that it’s desperate to kill Flash off and dismantle the Flash community, yet the best way to fix it would be to move forwards to a brave new and not backwards-compatible world – something needing an engaged community that isn’t relying on just letting its legacy code wear out.
I wish Microsoft would get rid of Flash in its Edge browser. Every time Flash turns turtle I get a Windows 10 update. Oh joy!
I think my disk gets hammered on more by Windows updates than all of my other work combined.
Largely redundant article, could have been titled “Remove Flash” and stopped there..
I did allow an automatic update of Flash quite some months ago and then found that some of the websites that I regularly use (eg: banking and lottery tickets to name just two) no longer functioned and I had to remove the upate and restore Windows to a previous date to get things working again. It seems Flash is needed for some kinds of website functionality so I just make do with the version that I have. It may be vulnerable but what else can I do anyway?
Why won’t Google Chrome allow me to go to websites without using Adobe Flash. I’ve never liked Google Chrome to begin with, but when I disable Flash, it will not open websites. I thought Chrome was supposed to be the better browser over IE, but I don’t have this problem with IE.