Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

What exactly happened with Shockwave Flash?

  • 16 tontu
  • 10 am na jafe-jafe bii
  • 1 view
  • i mujjee tontu mooy Marc7

more options

It was working fine, and I'd just updated it earlier this past week, but now it's blocked and the update section says -every- version is vulnerable? Seriously, what happened? And more importantly, how long is it going to take for this to get fixed, and how are we going to know when adobe has the issue fixed? I use only a handful of websites that use flash at all, and I trust them, but still, I dunno that I wanna risk it with flash on the fritz. How did this even end up being detected, anyway?

It was working fine, and I'd just updated it earlier this past week, but now it's blocked and the update section says -every- version is vulnerable? Seriously, what happened? And more importantly, how long is it going to take for this to get fixed, and how are we going to know when adobe has the issue fixed? I use only a handful of websites that use flash at all, and I trust them, but still, I dunno that I wanna risk it with flash on the fritz. How did this even end up being detected, anyway?

All Replies (16)

more options

If you search for Hacking Team you will learn about a disclosure of previously unknown exploits for Flash. Adobe has admitted the problem and promised updates for later this week:

https://helpx.adobe.com/security/products/flash-player/apsa15-04.html

Meanwhile, Mozilla has soft-blocked the latest version of the Shockwave Flash plugin. Therefore, you need to activate it on sites you trust to use it instead of being able to set Firefox to let all sites use Flash automatically.

If you are not accustomed to using the "Ask to Activate" feature for a plugin, here's what to expect:

When you visit a site that wants to use the Flash, you should see a notification icon in the address bar and one of the following: a link in a black rectangle in the page or an infobar sliding down between the toolbar area and the page.

If you see a good reason to use Flash, and the site looks trustworthy, you can go ahead and click the Lego-like icon in the address bar to allow Flash. You can choose to allow it for now or permanently.

But some pages might be using Flash only for tracking or playing a video ad. If you don't see an immediate need for Flash, feel free to ignore the notification, it will just sit there in case you want it later.

more options

jscher2000 said

If you search for Hacking Team you will learn about a disclosure of previously unknown exploits for Flash. Adobe has admitted the problem and promised updates for later this week: https://helpx.adobe.com/security/products/flash-player/apsa15-04.html Meanwhile, Mozilla has soft-blocked the latest version of the Shockwave Flash plugin. Therefore, you need to activate it on sites you trust to use it instead of being able to set Firefox to let all sites use Flash automatically. If you are not accustomed to using the "Ask to Activate" feature for a plugin, here's what to expect: When you visit a site that wants to use the Flash, you should see a notification icon in the address bar and one of the following: a link in a black rectangle in the page or an infobar sliding down between the toolbar area and the page. If you see a good reason to use Flash, and the site looks trustworthy, you can go ahead and click the Lego-like icon in the address bar to allow Flash. You can choose to allow it for now or permanently. But some pages might be using Flash only for tracking or playing a video ad. If you don't see an immediate need for Flash, feel free to ignore the notification, it will just sit there in case you want it later.

Hey Jscher. Thanks for the prompt reply. The few sites I use that use Flash are ones I do generally trust, but if it's going to be fixed later in the week, I think I can wait for the update. Primarily, I use it for youtube and crunchroll to watch videos. The only other site that I know that uses it is a fiction website (I'm not entirely sure why though.) which I am a member of. So basically, if I want to use Flash, I just flick the red lego block and click allow now, rather than allow and remember, correct?

Incidentally, how will we know when they've put out the fix? I'm still on the XP machine at the moment (the 7 pro laptop is still yet to arrive), so I'm going to need said fix when it comes out until I can get the new machine. Will firefox keep us updated on when the fix is out, or what?

Marc7 moo ko soppali ci

more options

Yes, "Allow now" is how I do it myself.

Regarding the next update, someone may go around posting in all the various threads but, if not, you could periodically check this page: https://www.adobe.com/products/flashplayer/distribution3.html (it will be the download for "plugin-based browsers")

more options

jscher2000 said

Yes, "Allow now" is how I do it myself. Regarding the next update, someone may go around posting in all the various threads but, if not, you could periodically check this page: https://www.adobe.com/products/flashplayer/distribution3.html (it will be the download for "plugin-based browsers")

Okay. That makes some sense. I would assume that the plug-in manager will likely be updated as well? That's how I usually get my updates for flash player, by checking the plug-ins to see if they're up to date when I get a message saying it's out of date, and then just clicking on the 'get update' button.

Marc7 moo ko soppali ci

more options

It will be updated, but I'm not sure whether it indicates the new version number available on that page, or whether you just have to click and see.

more options

jscher2000 said

It will be updated, but I'm not sure whether it indicates the new version number available on that page, or whether you just have to click and see.

I don't think it's ever shown the number of the new version anytime I get the prompt from Firefox to update. It just says there's an update available and then I click the button that sends me to the adobe site, which usually lists the new version number in the file when it prompts me to download or run the file.

more options

I am running Adobe 18.0.0.203 which is the latest update but when I go to check whether my plug ins are up to date it says to update my Adobe. Makes no sense to me as to why it is telling me it is out of date when I have the newest installed.

more options

new_aged2perfection said

I am running Adobe 18.0.0.203 which is the latest update but when I go to check whether my plug ins are up to date it says to update my Adobe. Makes no sense to me as to why it is telling me it is out of date when I have the newest installed.

Check Jscher's first response to my question, he pretty much lays out what happened, so far as I can tell.

more options

Marc7 said

new_aged2perfection said
I am running Adobe 18.0.0.203 which is the latest update but when I go to check whether my plug ins are up to date it says to update my Adobe. Makes no sense to me as to why it is telling me it is out of date when I have the newest installed.

Check Jscher's first response to my question, he pretty much lays out what happened, so far as I can tell.

Thank you

more options
more options

cor-el said

http://arstechnica.com/security/2015/07/two-new-flash-exploits-surface-from-hacking-team-combine-with-java-0-day/ http://www.zdnet.com/article/two-further-critical-flash-zero-days-appear-from-hacking-team-breach/

On the subject of java, when I looked to see if I could update it, it seems that's blocked too. Same issue as with Flash, I presume?

more options

there's an update to flash 18.0.0.209 available at https://get.adobe.com/flashplayer/ now.

more options

philipp said

there's an update to flash 18.0.0.209 available at https://get.adobe.com/flashplayer/ now.

I saw that too. But is that the fixed version, or is it vulnerable too?

more options

Marc7 said

philipp said
there's an update to flash 18.0.0.209 available at https://get.adobe.com/flashplayer/ now.

I saw that too. But is that the fixed version, or is it vulnerable too?

I'm sure Flash still has secret problems yet to be revealed, but at this point, Adobe hasn't confessed to any in this release, so Firefox is not blocking this version. (At least my Firefox isn't.)

more options

yes, this fixed the vulnerabilities we were talking about before. https://helpx.adobe.com/security/products/flash-player/apsb15-18.html

more options

jscher2000 said

Marc7 said
philipp said
there's an update to flash 18.0.0.209 available at https://get.adobe.com/flashplayer/ now.

I saw that too. But is that the fixed version, or is it vulnerable too?

I'm sure Flash still has secret problems yet to be revealed, but at this point, Adobe hasn't confessed to any in this release, so Firefox is not blocking this version. (At least my Firefox isn't.)

philipp said

yes, this fixed the vulnerabilities we were talking about before. https://helpx.adobe.com/security/products/flash-player/apsb15-18.html

Thanks guys. I'll give it a shot and pray for the best. :)