Posted on 02/09/2015 9:22:21 PM PST by Swordmaker
Apple issues a compulsory Flash update
Apple has issued a compulsory update forcing Mac OS X users to upgrade to the latest version of Flash, following the discovery of three zero-day vulnerabilities in the software.
The update appears as a pop-up in all Apple systems using an outdated version of Flash.
"If you're using an out-of-date version of the Adobe Flash Player plug-in, you may see the message ‘Blocked plug-in', ‘Flash Security Alert' or ‘Flash out-of-date' when attempting to view Flash content in Safari," read the advisory.
"To continue viewing Flash content, update to a later version of Adobe Flash Player. Click the Download Flash button. Safari opens the Adobe Flash Player page on the Adobe website."
The forced update comes less than a week after a third critical zero-day Flash vulnerability was discovered by researchers at Trend Micro. Trend Micro reported uncovering the Flash flaw on 2 February, warning that hackers could target victims with malvertising attacks.
Hackers were found using the zero-day to infect systems with a dangerous BEDEP malware variant on 6 February.
Adobe reported finding two other Flash zero-days in January. Both are known to have been actively targeted by hackers.
The rapid discovery of the three flaws caused ripples in the security community.
Experts from Darktrace, Trend Micro and Alienvault told V3 that the Flash flaws are evidence that traditional security practices are no longer effective.
Flash is one of many widely used technologies to have zero-day flaws uncovered in recent weeks.
Researchers at network security firm Sucuri reported finding a zero-day vulnerability in WordPress on 5 February being exploited by hackers to infect thousands of websites.
Security researcher David Leo reported in a post on the Full Disclosure forum on the same day that he had uncovered an Internet Explorer 11 zero-day.
Thanks! I got an update the other day, guess I will get the latest soon or else dump flash altogether.
Compulsory must not be compulsory on my mac. I use click-to-flash so no flash runs unless I want it to run. That is probably one of the best things I have ever installed. I have never found one for Windows or Linux. In any case I only do updates on my schedule. I’ll download them when I’m on a fast network I can trust (e.g. at work).
You might want to reconsider your characterization of Apple and "closed" applications. . . considering it has been Apple that has pushed open file standards, USB, new technology, and even open source. Do you know what CUPS is, who developed it and who owns it? It's the Common Unix Printing System that all Unix and LINUX systems use to print. Apple developed it, maintains it and owns it. . . Yet it's under commons license. How about WebKit? It's the core of most of the browsers in use today. . . again, Apple. Even Safari's code is open. Yes, some parts of OSX are proprietary, but its core is UNIX. YOU CANT GET MUCH MORE OPEN THAN THAT!
Where can one get a safe download of html5 player?
Yes, exactly.
Flashblock for FF does the same thing.
Thanks for the info.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.