Adobe confirms critical vulnerability affecting Flash across all platforms

By midian182
Oct 16, 2015
Post New Reply
  1. Just one day after releasing its monthly security update, Adobe has confirmed through a bulletin on its website that it has discovered a new “critical vulnerability” in Flash Player that affects versions running on Windows, Mac and Linux operating systems. The exploit can cause systems to crash and allow hackers to take control of them.

    Adobe said it will issue a security update next week to address the plug-in’s vulnerability, which it has labelled CVE-2015-7645. Until the fix is released, anyone who has Adobe Flash Player installed on their machines may find removing it is the only way to guarantee their PC’s security.

    “Adobe is aware of a report that an exploit for this vulnerability is being used in limited, targeted attacks. Adobe expects to make an update available during the week of October 19," the company wrote on its website.

    Cyberespionage group Pawn Storm has been using the new Flash exploit in their latest campaign. The group sent spear phishing emails to several foreign ministries around the world which contained links leading to the vulnerability, according to Trend Micro.

    Flash was once the standard for internet video, casual games and any kind of animation. At the height of its popularity it ran on 800 million cell phones manufactured by 20 handset makers, although it was famously never supported on Apple’s mobile devices. Steve Jobs launched a high profile attack on Flash in 2010, calling it a “CPU hog” and full of “security holes.” The plug-in’s popularity is falling by the day; only 20 percent of sites now use Flash content (counting ads), compared with 50 percent in 2011.

    News of this latest vulnerability in Adobe’s software will doubtlessly provide more ammunition to those in the tech community who are calling for Flash to be permanently retired. Adobe has so far ignored these calls, but every new exploit discovered is another nail in Flash’s coffin.

    Permalink to story.

  2. ikesmasher

    ikesmasher TS Evangelist Posts: 2,553   +854

    Kill it. Please. Just end it now and let the Internet grow into better things.
    Darth Shiv and wildrage like this.
  3. yRaz

    yRaz TS Evangelist Posts: 1,897   +940

    I don't even think I have flash installed, haven't needed it in years. Flash is dying too slow a death, we just need to take it out back and put it down.
  4. davislane1

    davislane1 TS Evangelist Posts: 3,541   +2,337

    Flash died the moment HTML5 hit the web. It's an animated corpse at this point.
  5. Sniped_Ash

    Sniped_Ash TS Maniac Posts: 253   +108

    "Anyone who has Adobe Flash Player installed on their machines may find removing it is the only way to guarantee their PC’s security."

    Darth Shiv likes this.
  6. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 6,476   +2,034

    Doesn't it come bundled with Chrome browser? I surely hope not.
  7. It does.
  8. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 6,476   +2,034

    I thought so. Unfortunately some sites still require Adobe Flash to properly work.
  9. Kenrick

    Kenrick TS Booster Posts: 187   +88

    Let us all unite to quickly kill this unsecured plugin. Once it is gone, all sites would move to html5 for sure.
  10. Underdog

    Underdog TS Member Posts: 21   +16

    I have been running with Flash disabled for ages now. I have found virtually everything I need works just fine without it. Occasionally I switch it back on to stream a film but that's about it.
  11. RustyTech

    RustyTech TS Guru Posts: 865   +434

    I haven't used flash for a few months now (thanks to whomever posted the uninstall link). The only think that I can't use is Pandora - no other issues at all.
    and life is good
  12. TheBigFatClown

    TheBigFatClown TS Guru Posts: 647   +227

    "Anyone who is connected to the internet may find that disabling their internet connection is the only way to guarantee their PC's security."


    But let's focus exclusively on Flash just for kicks and giggles.
  13. lripplinger

    lripplinger TS Addict Posts: 258   +89

    Adobe clings to Flash like dead skin cells that won't go away. Just kill it already. HTML 5 is on the rise, and Flash will be relegated to the dustbins of computer history.
  14. EEatGDL

    EEatGDL TS Maniac Posts: 481   +159

    I have Flash uninstalled since a few months ago, but I run a basic VM with Flash installed for viewing multimedia content outside of Youtube. Flash is as insecure as Android is, since almost 9 out of 10 Android devices fall under the "insecure" category.
  15. Darth Shiv

    Darth Shiv TS Evangelist Posts: 1,620   +376

    I simply don't use those sites anymore. Fortunately nothing I need is affected.

    Here's another tip I read the other day. Set your browser user agent to safari or iOS and the website should serve you HTML5 vid.
    Skidmarksdeluxe likes this.
  16. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 8,550   +2,894

    If you chose the option not to include Chrome, you get a download that doesn't include Chrome. It is not like other sites where you have no choice but to download the bundle and then opt out during install. Adobe gives the option to or not to download the bundle.
  17. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 6,476   +2,034

    I use Chrome browser so when it automatically updates it must update the flash player as well because it's baked in. If you install Chrome from Googles site you don't have the option to opt out of any additional packages but you can disable them within Chrome settings, I'm not sure about the flash player though.
    Truth be told, who actually knows which sites use HTML 5 or Adobe flash? I certainly don't.
    P.S. I've just checked now and it can be disabled but I won't bother, I don't visit shady sites anyway. The shadiest site I visit is TS and it's shady only because I'm a member ;):D
  18. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 6,476   +2,034

    Thanks man. (y)
  19. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 8,550   +2,894

    I think I misread your question, thinking it was referring to Adobe bundling Chrome in the Flash installer. I couldn't say what Chrome bundles in their installer.
  20. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 6,476   +2,034

    Yeah, I thought you did. ;)
  21. Type this in your Chrome address bar: chrome://plugins/

    Looks like you can disable flash inside chrome :)

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...