Jump to content

New Adobe Flash Vulnerability Lets Hackers Plant Malicious Software on Your PC

Featured Replies

Posted

Affects all unpatched Linux, Mac, Chrome OS and Windows PCs

 

429528c34cdf359ac6c3d7e750804a94.jpg

 

As long as Adobe's Flash Player plugin is still alive and installed on your personal computer, it will only cause damage to it.

Adobe Flash is often described as a security vulnerability, as it it's full of security flaws and Adobe won't patch them as fast as they should.

 

The latest, as reported by Reuters, is said to let hackers plant malicious software on your personal computer.

The malware was discovered by security firm Kaspersky Lab and it's called FinSpy or FinFisher, which is usually used for surveillance by law enforcement agencies.

 

According to the report, Kaspersky Lab was actively tracking a hacker group called BlackOasis, which apparently managed to install malicious software on computers using the security vulnerability in the Adobe Flash Player plugin, before connecting those computers back to servers in Netherlands, Switzerland, or Bulgaria.

 

The BlackOasis group is using FinSpy to target UN (United Nations) officials and Middle Eastern politicians, as well as regional news correspondents, activists, and opposition bloggers, but victims were also reported in the United Kingdom, Russia, Africa, Iraq, Iran, and Afghanistan.

 

Adobe Flash will die in 2020

 

Adobe Systems said earlier this year that it would put its vulnerable and buggy Adobe Flash Player plugin to sleep for good more than two years from now, in 2020, but, until then, people are still vulnerable to attacks and malware like FinSpy, so Adobe needs to do a better job at keeping their software up-to-date, at all times.

 

They already released a security update to fix the said issue allowing hackers to plant malicious software, which affected the popular Google Chrome, Microsoft Edge, and Internet Explorer web browsers.

However, users also need to make sure they keep their apps and operating systems up-to-date, always, if they don't want hackers to hold their data for ransom.

 

 

Source:

http://news.softpedia.com/news/new-adobe-flash-vulnerability-lets-hackers-plant-malicious-software-on-your-pc-518064.shtml

76c90dd0e79a714317a8daeecc1584d2.png

1. A patch for the above vulnerability was available on 16 October. Current version of flash is 27.0.0.170

https://helpx.adobe.com/security/products/flash-player/apsb17-32.html

 

2. Adobe plans to disable Flash by default in Edge and Internet Explorer in mid to late 2019, with a full removal from all supported versions of Windows by 2020.

Firefox Extended Support Release (ESR) users will be able to keep using Flash until the end of 2020.

 

https://www.theverge.com/2017/7/25/16026236/adobe-flash-end-of-support-2020

  • FPCH Admin
I use the HTML 5 too, especially on YouTube.

~I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant.~

~~Robert McCloskey~~

I'm unfamiliar with "HTML5". How does one incorporate it in firefox & ie?

In FF, go to addons and in the search type in html5.

My search came up with over 200 addons.

Pick a few and read reviews then decide which one you want to install.

 

I can't comment on IE because I so rarely use it.

 

I found this too. I apologize because Mozilla support is bad, in that nothing is ever dated! I have no idea how old or new this article is.

https://support.mozilla.org/en-US/kb/html5-audio-and-video-firefox

I enabled html5 in FF without installing any addon/plugin. (I'm running FF v 52.4 ESR)

1. In the address bar, type in about:config

2. In the filter box type in mediasource

3. Scroll to the following key media.mediasource.enabled and double click false so it changes to true

Restart FF for the change to take effect.

I wonder whether this can can this exploit gather sensitive data like when you log into your bank account etc... maybe i should disable flash when logging in/not needed...
  • FPCH Admin

I don't use Flash, anymore.

Most of the techie's I know, don't either.

~I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant.~

~~Robert McCloskey~~

  • FPCH Admin
I do, with Amazon Prime and Netflix.

~I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant.~

~~Robert McCloskey~~

The only thing Netflix used to require was Silverlight. They dropped that when they moved to android because android can't install Silverlight and also does not have flash. (You can install flash on android but why bother).

 

I don't use Amazon Prime so I don't know what it uses.

Ever since i uninstalled adobe flash from my pc, 'some' of the BBC news videos state that flash is required to view their videos.

Ahhhh i thought flash was needed for all streaming, didn't realize silverlight is an alternative

 

But i'm sure silverlight isn't for macs... so i wonder what macs use for netflix, maybe i'm wrong though

Silverlight isn't even for PCs. I removed from one I had it on when Netflix no longer required it. Even linux can now use Netflix.

 

https://www.usatoday.com/story/tech/columnist/2017/10/22/why-flash-and-microsoft-silverlight-frustrations-just-wont-go-away/788455001/

 

Google’s Chrome, Apple’s Safari and Microsoft’s Edge all no longer play Flash content automatically.
Guest
Reply to this topic...