wiskerke Posted July 8, 2015 Share Posted July 8, 2015 This means: disable the Flash Player in your browsers. All browsers are affected. All platforms are affected. There may be an update of the Flash Player tomorrow. Yes, this means no Manage Images 2 for the moment. Alamy, maybe reinstate access to Manage Images 1.0 for everyone for a couple of days? Adobe Security BulletinSecurity Advisory for Adobe Flash PlayerRelease date: July 7, 2015Vulnerability identifier: APSA15-03CVE number: CVE-2015-5119Platform: Windows, Macintosh and LinuxSummaryA critical vulnerability (CVE-2015-5119) has been identified in Adobe Flash Player 18.0.0.194 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit targeting this vulnerability has been published publicly. Adobe expects to make updates available on July 8, 2015.Affected software versions Adobe Flash Player 18.0.0.194 and earlier versions for Windows and Macintosh Adobe Flash Player Extended Support Release version 13.0.0.296 and earlier 13.x versions for Windows and Macintosh Adobe Flash Player 11.2.202.468 and earlier 11.x versions for Linux To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system. Severity ratingsAdobe categorizes this as a critical vulnerability.AcknowledgmentsAdobe would like to thank Google Project Zero and Morgan Marquis-Boire for reporting CVE-2015-5119 and for working with Adobe to help protect our customers. Over at Symantec read this: Symantec has confirmed the existence of a new zero-day vulnerability in Adobe Flash Player which could allow attackers to remotely execute code on a targeted computer. Since details of the vulnerability are now publicly available, it is likely attackers will move quickly to exploit it before a patch is issued. - Sorry I was so late with this. I had my Flash Player disabled as soon as the word was out. I only realized the impact here when I clicked on edit image just now. wim Link to comment Share on other sites More sharing options...
spacecadet Posted July 8, 2015 Share Posted July 8, 2015 Good job I used FTP this morning then but I've been keywording since. Presumably coincidentally FF suddenly started objecting to Flash v17 as out-of-date last week. I'm inclined to carry on unless I get a suspicious crash. Link to comment Share on other sites More sharing options...
wiskerke Posted July 8, 2015 Author Share Posted July 8, 2015 Normally I'm not alarmist about vulnerabilities or malware: that usually causes far more damage than the attacks itself. However it has been suggested that simple ads on a page can be used to exploit this. And that the payload of infection may be not just malware, but ransomware. I will give some links about that when I find them in English. For the moment I have them in Dutch only. wim edit: here is the original report that it has been found in the open: http://malware.dontneedcoffee.com/ Link to comment Share on other sites More sharing options...
spacecadet Posted July 8, 2015 Share Posted July 8, 2015 I've changed to click-to-activate pro tem. Link to comment Share on other sites More sharing options...
wiskerke Posted July 8, 2015 Author Share Posted July 8, 2015 I've changed to click-to-activate pro tem. Probably a good enough solution. SecurityWeek says there is an update already, but Adobe doesn't seem to have it lined up yet. Or the server is down already ;-) (OK let's not add to that, I have removed the link) wim Link to comment Share on other sites More sharing options...
wiskerke Posted July 8, 2015 Author Share Posted July 8, 2015 The Firefox update is available already: https://get.adobe.com/flashplayer/ No luck so far for the Internet Explorer one. It should appear in the same place: it does a quick system scan and then selects the offer. Don't forget to un-click the optional offer to download some sort of MacAfee product. Unless you would just want that of course. wim Link to comment Share on other sites More sharing options...
Kathy deWitt Posted July 8, 2015 Share Posted July 8, 2015 Hi Wiskerke: Thanks for reporting this. I have uninstalled from browsers. But what do you do about external hard drives? Will this just happen when updated or do you have to uninstall on each hard drive too? Or maybe it doesn't even apply?? Kathy Link to comment Share on other sites More sharing options...
wiskerke Posted July 8, 2015 Author Share Posted July 8, 2015 Hi Wiskerke: Thanks for reporting this. I have uninstalled from browsers. But what do you do about external hard drives? Will this just happen when updated or do you have to uninstall on each hard drive too? Or maybe it doesn't even apply?? Kathy It doesn't apply there. Unless of course you have an image or a backup of your system there. In that case: update the mirror or backup, after updating the Flash Player, as soon as you feel everything works as it should. The updates were in place at some point, but the server for Internet Explorer seems to be down again. Microsoft will probably be very busy with their own updates in the coming days and weeks, because it is only a tiny tip of the iceberg we are seeing here. A large part of what our governments*) use to snoop on the bad guys can now be used by those baddies against all of us. *) - and some really bad governments used to spy on decent people. wim Link to comment Share on other sites More sharing options...
wiskerke Posted July 8, 2015 Author Share Posted July 8, 2015 Here is a less crowded page with all updates in all flavors (Mac PC Linux) https://www.adobe.com/products/flashplayer/distribution3.html wim Link to comment Share on other sites More sharing options...
Kathy deWitt Posted July 8, 2015 Share Posted July 8, 2015 Working fine with new Flash Players on Mac/Chrome/Safari. Thanks a lot Wim! Link to comment Share on other sites More sharing options...
losdemas Posted July 9, 2015 Share Posted July 9, 2015 Thanks, wim. Link to comment Share on other sites More sharing options...
Ed Rooney Posted July 9, 2015 Share Posted July 9, 2015 Déjà view all over again? I had a previous problem with the Adobe Flash Player, last year I thought, but now I see that it was back in 2013. If that's not strange enough, I looked for my Flash Player in my apps, to check the version . . . and I find that I have no version, no Adobe Flash Player at all. So, I'm wondering . . . is this something one can function just fine without or what? "They" say I can't watch YouTube without it, but YouTube is running just fine. (Some ads do run with pauses, on Hulu or elsewhere.) So what passes for logic with me says AFP is not needed or I have it but it is not showing itself, Maybe it's shy. Edo Link to comment Share on other sites More sharing options...
IanGibson Posted July 9, 2015 Share Posted July 9, 2015 Déjà view all over again? I had a previous problem with the Adobe Flash Player, last year I thought, but now I see that it was back in 2013. If that's not strange enough, I looked for my Flash Player in my apps, to check the version . . . and I find that I have no version, no Adobe Flash Player at all. So, I'm wondering . . . is this something one can function just fine without or what? "They" say I can't watch YouTube without it, but YouTube is running just fine. (Some ads do run with pauses, on Hulu or elsewhere.) So what passes for logic with me says AFP is not needed or I have it but it is not showing itself, Maybe it's shy. Edo I don't have Flash installed on any of my Mac computers, and have no problems at all. I use the Google Chrome browser, which has Googles own Flash Player, and is updated regularly without me having to lift a finger. Link to comment Share on other sites More sharing options...
wiskerke Posted July 9, 2015 Author Share Posted July 9, 2015 Déjà view all over again? I had a previous problem with the Adobe Flash Player, last year I thought, but now I see that it was back in 2013. If that's not strange enough, I looked for my Flash Player in my apps, to check the version . . . and I find that I have no version, no Adobe Flash Player at all. So, I'm wondering . . . is this something one can function just fine without or what? "They" say I can't watch YouTube without it, but YouTube is running just fine. (Some ads do run with pauses, on Hulu or elsewhere.) So what passes for logic with me says AFP is not needed or I have it but it is not showing itself, Maybe it's shy. Edo If you can see the traffic on the roundabout here, you have some version of Flash Player. This page will tell you what version and whether it's the most recent. wim Link to comment Share on other sites More sharing options...
Ed Rooney Posted July 9, 2015 Share Posted July 9, 2015 I use Chrome and Safari. I have Firefox, too, but they want to do things, so I'm avoiding them. I'm on the Adobe Flash Player page, and it says "You have version 18,0,0,203 installed." Ian, where will it all end??? I'm going back to worrying about money and my health. Thanks. Link to comment Share on other sites More sharing options...
Ed Rooney Posted July 9, 2015 Share Posted July 9, 2015 Okay, wim -- all is well. The only thing is that roundabout reminds me of an accident I had in Oxfordshire. Link to comment Share on other sites More sharing options...
Lightboxx Posted February 24, 2016 Share Posted February 24, 2016 alamy should get rid of flash. it is a security nightmare. alamy should use HTML5 instead. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.