New Adobe Flash Vulnerability Lets Hackers Plant Malicious Software on Your PC

[starbuck]

Affects all unpatched Linux, Mac, Chrome OS and Windows PCs

 

 

As long as Adobe's Flash Player plugin is still alive and installed on your personal computer, it will only cause damage to it.

Adobe Flash is often described as a security vulnerability, as it it's full of security flaws and Adobe won't patch them as fast as they should.

 

The latest, as reported by Reuters, is said to let hackers plant malicious software on your personal computer.

The malware was discovered by security firm Kaspersky Lab and it's called FinSpy or FinFisher, which is usually used for surveillance by law enforcement agencies.

 

According to the report, Kaspersky Lab was actively tracking a hacker group called BlackOasis, which apparently managed to install malicious software on computers using the security vulnerability in the Adobe Flash Player plugin, before connecting those computers back to servers in Netherlands, Switzerland, or Bulgaria.

 

The BlackOasis group is using FinSpy to target UN (United Nations) officials and Middle Eastern politicians, as well as regional news correspondents, activists, and opposition bloggers, but victims were also reported in the United Kingdom, Russia, Africa, Iraq, Iran, and Afghanistan.

 

Adobe Flash will die in 2020

 

Adobe Systems said earlier this year that it would put its vulnerable and buggy Adobe Flash Player plugin to sleep for good more than two years from now, in 2020, but, until then, people are still vulnerable to attacks and malware like FinSpy, so Adobe needs to do a better job at keeping their software up-to-date, at all times.

 

They already released a security update to fix the said issue allowing hackers to plant malicious software, which affected the popular Google Chrome, Microsoft Edge, and Internet Explorer web browsers.

However, users also need to make sure they keep their apps and operating systems up-to-date, always, if they don't want hackers to hold their data for ransom.

 

 

Source:

http://news.softpedia.com/news/new-adobe-flash-vulnerability-lets-hackers-plant-malicious-software-on-your-pc-518064.shtml

[plodr]

1. A patch for the above vulnerability was available on 16 October. Current version of flash is 27.0.0.170

https://helpx.adobe.com/security/products/flash-player/apsb17-32.html

 

2. Adobe plans to disable Flash by default in Edge and Internet Explorer in mid to late 2019, with a full removal from all supported versions of Windows by 2020.

Firefox Extended Support Release (ESR) users will be able to keep using Flash until the end of 2020.

 

https://www.theverge.com/2017/7/25/16026236/adobe-flash-end-of-support-2020

[AWS]

I haven't had flash installed for a couple years now. I am not missing anything. HTML 5 has taken over to replace flash.

 

Years ago I said flash and java were like installing a virus magnet.

[allheart55 Cindy E]

I use the HTML 5 too, especially on YouTube.

[N3]

I'm unfamiliar with "HTML5". How does one incorporate it in firefox & ie?

[plodr]

In FF, go to addons and in the search type in html5.

My search came up with over 200 addons.

Pick a few and read reviews then decide which one you want to install.

 

I can't comment on IE because I so rarely use it.

 

I found this too. I apologize because Mozilla support is bad, in that nothing is ever dated! I have no idea how old or new this article is.

https://support.mozilla.org/en-US/kb/html5-audio-and-video-firefox

[AWS]

Uninstall Flash. Then when you visit a website with videos they will play using HTML 5 auto magically.

[Tony D]

I'm going to try that.

[N3]

Thanks for all the suggestions.

[plodr]

I enabled html5 in FF without installing any addon/plugin. (I'm running FF v 52.4 ESR)

1. In the address bar, type in about:config

2. In the filter box type in mediasource

3. Scroll to the following key media.mediasource.enabled and double click false so it changes to true

Restart FF for the change to take effect.

[Tony D]

Thanks, I've now disabled Flash on Chrome, IE, and FF

[Chunky Monkey]

I wonder whether this can can this exploit gather sensitive data like when you log into your bank account etc... maybe i should disable flash when logging in/not needed...

[allheart55 Cindy E]

I don't use Flash, anymore.

Most of the techie's I know, don't either.

[Chunky Monkey]

[uSER=9187]@allheart55 (Cindy E)[/uSER] should i take it that you don't stream online ?

[allheart55 Cindy E]

I do, with Amazon Prime and Netflix.

[Chunky Monkey]

And they don't require flash ?

[plodr]

The only thing Netflix used to require was Silverlight. They dropped that when they moved to android because android can't install Silverlight and also does not have flash. (You can install flash on android but why bother).

 

I don't use Amazon Prime so I don't know what it uses.

[N3]

Ever since i uninstalled adobe flash from my pc, 'some' of the BBC news videos state that flash is required to view their videos. Edited October 21, 2017 by N3

[Chunky Monkey]

Ahhhh i thought flash was needed for all streaming, didn't realize silverlight is an alternative

 

But i'm sure silverlight isn't for macs... so i wonder what macs use for netflix, maybe i'm wrong though

[plodr]

Silverlight isn't even for PCs. I removed from one I had it on when Netflix no longer required it. Even linux can now use Netflix.

 

https://www.usatoday.com/story/tech/columnist/2017/10/22/why-flash-and-microsoft-silverlight-frustrations-just-wont-go-away/788455001/

 

Google’s Chrome, Apple’s Safari and Microsoft’s Edge all no longer play Flash content automatically.

[Chunky Monkey]

Ahhh i looked it up, honestly didn't realize it's for browsers :P