It may come as no surprise to those who know me that I'm not an Adobe fan and I've always been proactive against Flash. I always knew Flash Player would eventually become dry sand slipping through Adobe's hands, but in a last desperate attempt to try and recover a little dignity, Adobe are trying to solidify the sand with their tears.
After Hacking Team got the tables reversed on them by getting hacked themselves, the weaknesses they exploited for the benefit of government agencies soon came to light. One of those weaknesses was Flash. When this was exposed, many opted to kick Flash's sad and sorry ass to the kerb. Google has completely dropped it and is using HTML5, Firefox has followed in the same footsteps in its new browser, and I also believe failbook and Instagram as well.
This is a big reality check for Adobe because we knew there were so many vulnerabilities in Flash you could almost consider it the leper of the interwebz. It was also the doorway to unwanted cookies, which Hacking Team took full advantage of. It's a pity it took such drastic actions for Adobe to desperately try and recover their losses by attempting to make amends now.
GET PATCHED: Adobe plugs Hacking Team Flash holes and more
Adobe has released patches for its Flash software to fix a pair of critical security vulnerabilities exposed by the Hacking Team megabreach. The bugs can be exploited to hijack PCs and infect them with malware – and crooks are already doing just that, so apply the updates now.
The security bulletin for Adobe Flash Player (APSB15-18) addresses both zero-day vulnerabilities (CVE-2015-5122, CVE-2015-5123). Version 220.127.116.11 Flash Player and associated browser plugins for Windows, Macintosh and Linux replace earlier releases, and constitute a critical update on affected systems.
Adobe was obliged to plug Flash last week because of an earlier 0-day which also emerged from the Hacking Team leak. Flash software is frequently targeted by cybercrooks and spies, prompting growing calls in the security community to ditch the technology.
There have been 11 Flash updates this year alone, and six have come outside Adobe's regular patching cycle as hurry-up patches for zero-day flaws, according to data from the software developer. This is a high patching overhead so it's no great surprise that patience with Adobe is wearing thin.
Facebook's recently installed security chief has just called for a timetable to kill off Flash, while Firefox took the unusually aggressive step on Monday of blocking Flash plugins by default pending the patch which has now arrived.
The Flash updates are especially important because exploits targeting these vulnerabilities have already surfaced, as even Adobe admits.
Although the Flash update heads the bill, the latest software updates from Adobe will also include a critical update for Adobe Shockwave Player (APSB15-17). Windows and Macintosh versions of the software need updating to version 18.104.22.168 because of flaws identified by Fortinet's FortiGuard Labs that have not so far made it into the wild in the form of active exploits.
Lastly, Adobe is also releasing updates for Adobe Acrobat and Reader (APSB15-15) to "address critical vulnerabilities that could potentially allow an attacker to take control of the affected system". Multiple bugs are resolved by the patches and Windows and Macintosh platforms are both affected, which sounds bad.
However, Adobe attaches a patching priority of "two" to the updates compared to a higher priority of "one" to the Flash and Shockwave updates.
Get the fuck out of here Adobe, you're all washed up. GIMP for the WINZ!