Noticed that Firefox has set 'disabled' as the default for Adobe Flash.

Any thoughts? Anyone planning on uninstalling? From what I've read the flaws are so bad and intrusive it almost seems intentional.

Kind of glad I haven't updated flash yet...

What kind of vulnerabilities?

This is some of the more-recent news.  Chrome patched for the vulnerability on Tuesday; MS said they'll eventually get around to it for IE.

http://arstechnica.com/securit...-actual-chrome-user/

And Firefox blacklists while Facebook calls for a Flash end-of-life:

http://arstechnica.com/securit...day-vulnerabilities/
This message was last edited by the user at 14:38, Tue 14 July 2015.

What she said! hehehe... I wrote a post an lost it, but that answer is better anyway.

MalWare, computer take overs, it was all bad stuff. I removed Adobe Flash altogether.

I've set chrome to always require my permission to run flash.  Eliminates annoying ads and a host of other potential issues.

Flash bad.  Java bad.  Just bad all around.  The effort put into these by Adobe and Oracle to keep plugging any potential holes are indeed valorous and show significant focus; but, goodness... we just need a few 'thing'.

/end rant.

That being said; in general, any time a potential 0-day problem is detected and you hear/read about it; just prepare yourself to uninstall flash and get the latest update.

I opened this thread fully expecting a discussion of superheroes.  Left unsatisfied.  One star.

Flash has way to many vulnerabilities... imagine catching a bug in your mouth at seventy five miles an h our! Ack!

Adobe is pretty much the worst, and they have been for years. I'm glad someone is finally standing up to them (and you should be too). Remember that EULA you agree to when you install new software? Where it says they are not responsible for their software flaws doing terrible things to your system? That EULA where you have no way to complain or push back?

Well Mozilla is pushing back.

It's tough though, their open business model has made them very popular...

Systems Affected

Microsoft Windows systems with Adobe Flash Player installed.
Overview

Used in conjunction, recently disclosed vulnerabilities in Adobe Flash and Microsoft Windows may allow a remote attacker to execute arbitrary code with system privileges. Since attackers continue to target and find new vulnerabilities in popular, Internet-facing software, updating is not sufficient, and it is important to use exploit mitigation and other defensive techniques.

Steve Jobs predicted this, it's why he blocked flash for the iPhone, he viewed it as one big piece of buggy, exploitable code...

In reply to praguepride (msg # 12):

That and anything Apple's preference for creating single-source software that you are forced to buy... =)


(edit: oh grapes, before I start a fight.  I should note: Yes, it was probably smart.  No, I am not anti-apple.  Just a little jesting humor.)
This message was last edited by the user at 20:14, Wed 15 July 2015.

Understood.

Here is the link to Job's 2010 letter about Flash anyway:
https://www.apple.com/hotnews/thoughts-on-flash/

In reply to praguepride (msg # 14):

A darn good article.  I agree with the thoughts and he is absolutely correct regarding the humor of the term 'open'.  I wish people would just program better.  HTML5, now that it's out; has a ton of capabilities.  Some of which are good enough for quite a number of the 'apps' out there.  Really, people could do with just a greater understanding of HTML/CSS/PHP and get quite a lot done in just that route.  Throw-in some JS for the pretty and you're gold.  Just so many ways.  So, so so many ways.

Flash and Adobe are still used for so many things though - as I always am reminded when Flash crashes!  *sigh*  And what about PDFs, doesn't this affect them also?

In reply to Brianna (msg # 16):

No - Adobe's Flash and Adobe's Acrobat Reader are different.

Photoshop is good, Acrobat Reader is ok, Flash needs to burn :P

But yes, all three products are independent of the other.

I can't speak to Photoshop, but reader frequently has holes. The difference is, not a lot of people go surfing the web for awesome .pdfs to view. Flash is implemented seamlessly into many websites, making it an excellent attack surface.

For the record, I use Foxit reader at home. But there's really no way to access flash-encoded websites without flash.

I wasn't talking about vulnerabilities, I was talking about products. Photoshop sets the standard for photo manipulation, Acrobat Reader is a popular .PDF viewer but it's also poorly coded from a resource stand point. There are some really streamlined open source .PDF readers out there that can load a big .PDF in half the time and consuming half the resources that Reader (note: opinion, not actually tested).

Flash is just one big bundle of poorly coded software that interacts with your system on some dangerous (i.e. exploitable) levels and even then the sheer number of problems it has is ridiculous. There's a reason that flash comes out with updates seemingly every other week while your web browser or what not does not.

(Actual count: Between Flash 10 and 11 there were 17 patches over 16 months...)
http://www.zdnet.com/article/h...updates-is-too-many/

Javascript is another culprit and could find itself on the chopping block if something solid comes along.

Many, many websites, toolkits, etc. heavily leveraged JavaScript and all three browsers rigorously are on the lookout for anything even remotely suspicious (at one of my previous web dev jobs I had to jump through hoops to get some functionality to work because they registered one of our quick redirects to a secure site to download a file as potential threats). Something solid doesn't even begin to describe what it would take to make JS go away...

In reply to TheBaron (msg # 21):

Agreed.

The greatest problem with JS (JavaScript) is that it requires a LOT more coding to accomplish things that HTML5 can now do easily.  Some people use JS like a crutch for not wanting to do proper CSS.  However, most of JS is pretty clean; just clunky and slow.  Where people run into problems is when they create these bizarre JS hybrids that attempt to run Flash objects inside of them... you're just like "What the Daftpunk just happened here?"