Results 1 to 10 of 10
  1. #1
    iNET Interactive
    Join Date
    Jan 2010
    Location
    Seattle, WA, USA
    Posts
    379
    Thanks
    1
    Thanked 29 Times in 24 Posts

    Security issues with Flash Player and Firefox


    Field Notes

    Security issues with Flash Player and Firefox


    By Tracey Capen

    A new and critical vulnerability puts Adobe Flash Player users at immediate risk.

    Also: Microsoft makes OneDrive less attractive for free users, and a new report shows how Firefox extensions might be too unsecure to use.

    The full text of this column is posted at windowssecrets.com/top-story/security-issues-with-flash-player-and-firefox/ (opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

  2. #2
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,753
    Thanks
    171
    Thanked 651 Times in 574 Posts
    Quote Originally Posted by Tracey Capen View Post
    Note that the new version of Flash fixes 24 vulnerabilities that would presumably have been addressed in the regular Patch Tuesday release. (April’s is due out today.)
    But today's Monday.

  3. #3
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,492
    Thanks
    284
    Thanked 577 Times in 480 Posts

  4. #4
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,753
    Thanks
    171
    Thanked 651 Times in 574 Posts
    Quote Originally Posted by Tracey Capen View Post
    For that layman’s description of how the exploit works, I recommend reading Ars Technica’s April 5 article.
    Which layman?

  5. #5
    Super Moderator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    2,143
    Thanks
    101
    Thanked 580 Times in 464 Posts
    ... and my PC shows the Flash Player 21.0.0.213 update was installed automatically on the 8th.

  6. #6
    Star Lounger
    Join Date
    Jan 2010
    Location
    Heidelberg, Germany
    Posts
    97
    Thanks
    17
    Thanked 2 Times in 2 Posts
    I have Kaspersky Internet security and use the ad blocker feature. It is listed in Firefox extensions. All other extensions are disabled. Is Kaspersky strong enough to prevent any invasion?
    My Flash Player has been updated automatically.
    Life is short, eat dessert first.[media]http://www.radreise-verlag.de/UBCmedorand.jpg[/media]

  7. #7
    Super Moderator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    2,143
    Thanks
    101
    Thanked 580 Times in 464 Posts
    Quote Originally Posted by BarbieGee
    Is Kaspersky strong enough to prevent any invasion? My Flash Player has been updated automatically.
    If you have Flash Player set to update automatically then it should now be at version 21.0.0.213 (except for Google Chrome which has been updated to 21.0.0.216) and you are protected from this particular vulnerability.

    You should be able to check this by going to the Control Panel and running the Flash Player applet.

    cpl-flash.png
    Click to enlarge

    On the Updates tab you'll see the current version(s) of Flash Player installed on your device.

    cpl-flash1.png
    Click to enlarge

    If you click on the Check Now button your default browser will open an Adobe web page showing the latest version numbers for all the different flavours of Flash Player.

    This means that, irrespective of what antivirus product you are using, Flash Player itself isn't vulnerable to the current exploit.

    (Note that the Flash Player auto-updater doesn't appear to delete the previous version of Flash Player immediately but - instead - waits until you reboot, i.e. the files (executable and DLL) are flagged in the registry for delete on reboot. The auto-update process should re-direct all calls to the new version of Flash Player but, if you're being really cautious, it's a good idea to reboot to get rid of the old version files completely.)

    Hope this helps...
    Last edited by Rick Corbett; 2016-04-12 at 10:59.

  8. #8
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Courtenay, BC
    Posts
    244
    Thanks
    9
    Thanked 16 Times in 15 Posts
    I have Flash, like all other software, notify me before installing. Nothing more annoying than software suddenly updating in the middle of something.

    However, I rarely actually get notified. Usually I find out from WinSecrets or similar. Annoying they don't notify with the same priority.
    Same happened here. 4 days later and no notification. It's not like nothing has used Flash in the meantime.

  9. #9
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Courtenay, BC
    Posts
    244
    Thanks
    9
    Thanked 16 Times in 15 Posts
    I agree - we should see an upgrade to extensions in Firefox. It's one of it's prominent features and I use a bunch of them.

    It would make the browser much less useful without them. But I can note that you still have to install the compromised extension. Safe practices should avoid any issues.

  10. #10
    3 Star Lounger Backspacer's Avatar
    Join Date
    Sep 2002
    Location
    Scappoose
    Posts
    332
    Thanks
    20
    Thanked 12 Times in 11 Posts
    One Drive? Is that one of those "cloud" products that I've been avoiding since they came out? Of course this problem is totally expected.

    I live in Oregon. We are very familiar with clouds. They change constantly. Who in his right mind would ever trust his valuable data to a cloud? No one.

    If you are a teenager or maybe in your 20s a few years may seem like an eternity, but I'm here to tell you that it's not. Don't trust your data to any medium over which you have no control. You might lose it if you are poor at doing backups on your own, but you will lose it for sure if you trust it to someone else for safekeeping. You will. Not "you might", but you will lose it.

    Companies come and go, policies change with management changes, offers and deals change with the economy, and technologies change constantly. Clouds go poof! in the heat of the sun or of the competition or in the fires of corporate hell. I can still print my old B&W negatives. (And I'm not even near to retirement age, yet.) And I still have my own backups of my own data disk with way too much old crap stored there. Maybe losing all of your data once in a while is a small price to pay for a free cleanup. But if you want to keep it, keep it under your own control. Because you are the only one who really cares what happens to it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •