Tuesday, July 14, 2015

Adobe updates Flash/Shockwave (again); Mozilla auto blocks Flash; Facebook calls for its death;

Adobe has released a security update to address critical vulnerabilities in Shockwave Player for Windows and Macintosh.
Exploitation of these vulnerabilities could allow an attacker to take control of an affected system.
You may review Adobe Security Bulletin APSB15-17 and apply the necessary update.

Adobe has released security updates to address critical vulnerabilities within the ActionScript 3 opaqueBackground and BitmapData classes of Flash Player.
Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code on a vulnerable system.
Versions affected include Adobe Flash Player 9 through
You may review Adobe Security Bulletin APSA15-18 and apply the necessary updates.
Additional information can be found in Vulnerability Notes VU#338736 and VU#918568

A quick way to see if you’re vulnerable is to go to this Adobe website and run the check to see if they need to update.
If you need the update you’ll get a Sorry, your computer doesn’t have the latest Flash Player installed.
You can then click the download the latest version of Flash Player link below.
If you get the Congratulations, your computer has the latest Flash Player installed, no further action is required.

I should mention that as of about 11:30 AM, Microsoft has yet to release an updated version of Flash for IE 11 on Windows 8.1
I’d expect a release either later today or early tomorrow morning.
Windows 7 users and all other browsers (e.g. Firefox) should be able to update using the links above.
Since Chrome uses Pepper Flash, it will update itself.

Mozilla’s Firefox browser is now blocking Flash across the board, until such time that Adobe can assure the product is safe.
The same article also mentions that Facebook’s security chief would like to see an End-of-Life date for Flash and all browsers to agree to stop supporting it.

FWIW, there is still too much Flash content and HTML5 isn’t being as widely embraced as content creators would hope.
However, IMHO, it may be only a matter of time before CDNs embrace the change to HTML5 or find some other DRM laden software to replace Flash altogether.
At least we can be happy that whatever does happen, CDNs won’t choose Silverlight anymore.