0-day Exploit in Adobe Flash Player!

[Filus]

You can find more here: http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html
In short:
Disable Adobe Flash Player in EVERY browser that are you using for some days or permanently!
Alternatively you can use Google Chrome
Edit: Flash 16.0.0.296 fix the issue[FONT=Helvetica Neue Light, HelveticaNeue-Light, Helvetica Neue, Helvetica, Arial, sans-serif]![/FONT]

 

[clam1952]

Just seen this mentioned on ZDNet, about time flash was killed off anyway.

 

[JCitron]

Lovely...

I too hate Flash and can't wait for it to die. It's obsolete now because this technology is built into the newer versions of the browsers, and the plug-in technology has been causing problems in other ways as well because they can also cause a terrible performance hit due to their additional overhead.

John

 

[stouthm]

I just updated to the newest version but after seeing this thread I got to wondering if I even need Flash. What does it do?

 

[JCitron]

I just updated to the newest version but after seeing this thread I got to wondering if I even need Flash. What does it do?

Flash will go away eventually, but it's still used for many websites so don't ditch it just yet.

Flash runs many animations and videos you see on the web including the adverts on the auran.com home page, some forums, and many other interactive content. This is the problem because these exploits can be hidden inside the code for the advertisement or webpage and get downloaded to your machine. As the web standards have changed, plug-ins such as Flash have become obsolete, but being the web obsolescence doesn't happen immediately because of all the versions of web browsers out there.

Zero-day exploits can be nasty because there's no recovery in place for them when they hit, thus the zero-day meaning no warning ahead of time. With some of these exploits, though, they're pretty particular and require the user hitting something on a website in a particular manner to trigger them. One of them that I remember from the old days required a user having the old FLA player installed. FLA was as file format used by Auto Desk to run their quick animations in 3d Studio R4 and some other products. To cause the exploit to happen, a user had to click somewhere in the left corner of a screen on a supposedly hidden pixel. The chances of something like that happening are pretty rare, but someone with nothing else better to do found it and reported it.

John

 

[MeowRailroad]

Has the danger gone away yet?

 

[clam1952]

Maybe maybe not, it was supposed to be fixed last week and wasn't, I am not about to trust Adobe to get it right this time either. I'd give it a week before trusting they have fixed it.

If you must use Flash, according to the guy who discovered the exploits, Malwarebytes Anti-Exploit Free will supposedly stop anything happening.

 

[MeowRailroad]

Ok, thanks, will just stick to Chrome.

 

[Vern]

The most annoying thing about Flash Player is the constant update windows you get on starting the PC, which unless you check the small print and uncheck the relevant box, tries installing Google Chrome and Toolbars on your system. Even if switched off at startup in msconfig it has a nasty habit of coming back.

 

[JCitron]

The most annoying thing about Flash Player is the constant update windows you get on starting the PC, which unless you check the small print and uncheck the relevant box, tries installing Google Chrome and Toolbars on your system. Even if switched off at startup in msconfig it has a nasty habit of coming back.

Try CCleaner to disable the start up. It worked great for me.

John

 

[stouthm]

Thank you John for the info.

 

[Zeldaboy14]

At least I stopped using my old XP machine for good (not like IE8 is really supported anymore though!)

 

[RRSignal]

Too bad for you. Now you're probably at greater risk.

 

[MeowRailroad]

Is this fixed now?

 

[JCitron]

Is this fixed now?

Not for older versions of IE, but the latest one just received a patch yesterday. Perhaps it's fixed for now.

John

 

[MeowRailroad]

Ok, since I am on a Mac I will go back to Safari instead of Chrome, which I have been using.