| Author |
Topic: Adobe Updates Flash Player, Shockwave and PDF Reader |
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 14 Jul 2015 8:25 am |
|
July 14, 2015
Adobe has release a salvo of security patches for three of its browser plug-ins: Reader, Flash and Shockwave. The patch for the browser version of Reader (Adobe Reader.DC) is also applicable to the standalone version of the program.
The new version of Flash becomes: 18.0.0.209
The new version of Shockwave player is: 12.1.9.159
The new browser plugin for Adobe Reader DC becomes: Version 2015.008.20082
The new version of the standalone Reader or Acrobat is: 11.0.12
The first three programs are class 1 critical vulnerabilities (top danger rating). The desktop versions of Acrobat and Reader are rated as level 2, one step down.
Please do yourselves a favor and update any of these programs that are installed on any of your internet facing computers, no matter what OS they are running.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Doug Clark
From:
Maine, USA
|
Posted 14 Jul 2015 1:22 pm
|
|
Thanks for the heads-up, Wiz.
I followed a link I think you posted in another thread for checking the current version of Flash Player. Mine seemed to be okay as of that time, but later last night I was still getting notices on certain pages saying something about Firefox (or maybe Yahoo) had "blocked the outdated plug-in Adobe Flash," or something like that. I have Firefox configured so that Flash (I was calling it FlashCrash a few months ago) has to be allowed to run. On most pages, I found I didn't miss it much.
I gave up on Acrobat Reader's butt-dragging bloatware behavior months ago, and use Foxit Reader. I don't need to be able to put a signature on any documents, and that and some other "features" can't be turned off, so I found something simpler and much faster to use. |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 14 Jul 2015 2:56 pm
|
|
Firefox browsers were ordered by their maker, Mozilla, to block the Flash Player plugins until Adobe could release the new patches. They acted to protect their user base without anybody forcing them to do so.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Jim Cohen
From:
Philadelphia, PA
|
Posted 14 Jul 2015 3:15 pm
|
|
Ever since I updated to the latest Flash a few days ago, my computer has run tediously slowly, web pages take forever to load, and sometimes never do. Some upgrade. What to do now, Wiz? 
_________________
www.JimCohen.com
www.RonstadtRevue.com
www.BeatsWalkin.com |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 14 Jul 2015 7:38 pm
|
|
| Jim Cohen wrote: |
| Ever since I updated to the latest Flash a few days ago, my computer has run tediously slowly, web pages take forever to load, and sometimes never do. Some upgrade. What to do now, Wiz? :( |
Try these things, in the order posted.
- The latest Flash Player was released today, Patch Tuesday, July 14. Please update to the current version 18.0.0.209.
- After updating Flash, restart that browser.
- If no happy happy, reboot the computer.
- If still no good, try a different brand of browser, after updating with the current version of Flash specific to that browser.
- Uninstall Flash and learn to live without it. Its days are numbered anyway.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Scott Duckworth
From:
Etowah, TN Western Foothills of the Smokies
|
Posted 15 Jul 2015 3:01 am
|
|
I wish everyone would get off the Flash bandwagon. I like the HTML5 way of doing things better. I have the VLC plugin for Firefox, and it works fine. No slowdown stuff either.
_________________
Amateur Radio Operator NA4IT (Extra)
http://www.qsl.net/na4it
I may, in fact, be nuts. However, I am screwed onto the right bolt... Jesus! |
|
|
|
Brint Hannay
From:
Maryland, USA
|
Posted 15 Jul 2015 7:17 am
|
|
| What are the implications of this? I've downloaded many videos from YouTube that are ".flv". When I play them they play in the Media Player Classic which I have set as the default player for all video types. Do I need to worry about those files? |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 15 Jul 2015 9:48 am
|
|
| Brint Hannay wrote: |
| What are the implications of this? I've downloaded many videos from YouTube that are ".flv". When I play them they play in the Media Player Classic which I have set as the default player for all video types. Do I need to worry about those files? |
No, they were already screened by Google (YouTube) before being allowed on the service. The threat is unique and new. It was designed to infiltrate Governments and giant companies. The fact that it was weaponized by cyber criminals is no surprise.
The actual threat vector comes from poisoned attachments in email, poisoned ads foisted onto legitimate ad networks, and hostile scripts added to the headers of compromised websites, most of which are running old versions of WordPress (and its plugins!) and Joomlia.
In all these cases, the goal is to silently redirect the victim's browser to a malware infection "exploit kit" page hosted on a website under the control of the criminal enterprise behind the campaign.
In the recent past, the number one attack vector was Java. Now it is Flash. The primary target is adjusted by the author of each exploit kit, as statistics dictate what is most likely to be unpatched at any given time, by the most people.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
