| Author |
Topic: Flash Player patched again. Update now! |
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 8 Jul 2015 8:05 am |
|
July 8, 2015
Adobe has just released a new version of Flash Player, plugging a critical zero day vulnerability that is included in a major online exploit kit. Any computer running a version of Flash older than 18.0.0.203 is at risk of remote takeover, without user interaction.
This affects all Flash enabled browsers running on Linux, Mac and Windows computers.
The new version for Linux is 11.2.202.481.
As in the past, there is a different download file for Internet Explorer, Firefox/Opera/Safari and Chrome (entire browser was updated last night).
If you still use Flash, please go to the Adobe About Flash Player page with Flash enabled to see what version you currently have. Then, click the on-page link to the Flash Player Download Center to obtain the newest version for your various installed browsers.
Note: you must input or acknowledge Administrator credentials to run the installer files.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Charlie McDonald
From:
out of the blue
|
Posted 10 Jul 2015 6:45 pm
|
|
I have Win 8.1; under programs there is only Adobe Reader.
Is Flash Player included in that? "If you still use Flash..." sounds like it's outmoded.
You get my attention these days with words like exploit and more careful and curious, and not just out of curiosity. |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 10 Jul 2015 7:21 pm
|
|
| Charlie McDonald wrote: |
I have Win 8.1; under programs there is only Adobe Reader.
Is Flash Player included in that? "If you still use Flash..." sounds like it's outmoded.
You get my attention these days with words like exploit and more careful and curious, and not just out of curiosity. |
Charlie;
Use the link in my post to visit the Adobe About Flash Player page with each browser you have installed. If Flash is installed at all and enabled in any browser, it will reveal its version number on that page. If all you see is a blank gray patch, you either don't have Flash, or it is disabled as a plug-in in that browser.
If you use Google Chrome, Flash is built into it.
FYI: Right now, Adobe Flash is the single most targeted piece of software that runs in web browsers.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Charlie McDonald
From:
out of the blue
|
Posted 10 Jul 2015 11:57 pm
|
|
Thanks for getting back, Wiz, you always do.
I didn't find a link exactly as you put it... at the very bottom of the page there is a small 'Download.'
Nonetheless, the page reveals "18,0,0,203 installed." Can I take that to mean that is the latest version and I don't have a threat?
That may be self-evident to some, but the implication that the threat is severe prompts me to be careful, as I once thought I had
a modicum of computer savvy, and realize lately that I don't (possibly like many folks, if these things are exploited).
I also understand that Flash Player is an integral part of my system and that I need it, right? |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 11 Jul 2015 6:29 am
|
|
| Charlie McDonald wrote: |
Thanks for getting back, Wiz, you always do.
I didn't find a link exactly as you put it... at the very bottom of the page there is a small 'Download.'
Nonetheless, the page reveals "18,0,0,203 installed." Can I take that to mean that is the latest version and I don't have a threat?
snip
I also understand that Flash Player is an integral part of my system and that I need it, right? |
You have the current version as of Saturday, July 11. Another patch is coming next week, for a second new vulnerability.
One has to ask themselves, "do I really need to have Flash Player installed?" If you do, you should only use "click to play" enabled browsers, like the latest versions of Google Chrome and Firefox, which effectively "sandbox" active code. Still, these latest exploits can get around the sandbox that exists to keep Flash code content from spilling over into the operating system.
I am just about through my first week with Flash Player disabled in Firefox, my primary browser. There are a few videos I can't play, or even see. Most are unimportant anyway. YouTube is mostly HTML 5.0 now and all of the current versions of major browsers play them without Flash.
Lets not forget about our Mac OS and ipad/phone/pod friends who don't have Flash at all. They somehow survive without it.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Charlie McDonald
From:
out of the blue
|
Posted 11 Jul 2015 6:35 am
|
|
That's what I was wondering, do I need it; I see I'd have to stay on top of updates for vulnerabilities. I use utube a lot but nothing else that I know of.
But I confess I don't know where to look, for example on this page, for browser options, didn't find it in tools.
I'll keep looking, just to try and stay abreast of things, but the more things I find that offer to manage my options, the less I like, and that's all I find at Flash so far. |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 11 Jul 2015 6:50 am
|
|
| Charlie McDonald wrote: |
That's what I was wondering, do I need it; I see I'd have to stay on top of updates for vulnerabilities. I use utube a lot but nothing else that I know of.
But I confess I don't know where to look, for example on this page, for browser options, didn't find it in tools.
I'll keep looking, just to try and stay abreast of things, but the more things I find that offer to manage my options, the less I like, and that's all I find at Flash so far. |
The browser options are unrelated to any web page. They control the browser itself. You don't even need to be online to set browser options.
If you have a current browser from any of the big three, look for either a gear or three horizontal lines (hamburger) icon on the upper right side in one of the toolbars. In my Firefox 39 browser, this toolbar is to the right of the search bar, which is inline with the location bar. Ditto for IE 11. Chrome uses the hamburger icon. All options and add-ons can be revealed and controlled by clicking on that icon.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Charlie McDonald
From:
out of the blue
|
Posted 11 Jul 2015 6:51 am
|
|
| Yes, that's where I'd been looking. Still working.... |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
|
|
|
Charlie McDonald
From:
out of the blue
|
Posted 11 Jul 2015 7:08 am
|
|
| Version 43.0.2357.132 m |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 11 Jul 2015 8:06 am
|
|
| Charlie McDonald wrote: |
| Version 43.0.2357.132 m |
That is Google Chrome. Click the hamburger icon, then down to "Settings." When the Settings page opens, click on "Settings" then scroll down and click on "Show advanced settings." Scroll down through advanced settings to "Privacy." Click the "Content Settings" button. Scroll down to "Plugins" and check the box labeled: "Let me choose when to run plugin content." Click DONE on the bottom right and exit the settings.
You will now be able to allow Flash and other plugins on an as-needed basis. It won't run automatically unless you revert the setting, or a new upgrade forces that change (you never know what an update will do).
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
