Adobe Flash Player


'Adobe Flash Player' Articles

Adobe Flash on Mac Gets Second Critical Security Update in Just Two Weeks

Adobe for the second time this month has released Flash Player security updates to address critical vulnerabilities that could potentially allow an attacker to take control of Mac, Windows, Linux, and Chrome OS systems. Adobe gave the security fixes its highest severity rating, meaning users should immediately update to the latest Flash Player version through the built-in update mechanism, or by visiting the Adobe Flash Player Download Center. Adobe said the security updates resolve a use-after-free vulnerability that could lead to code execution, as discovered by Google's Threat Analysis Group. Adobe said it was aware of the exploit being used in "limited, targeted attacks" against users running Windows 7 or later only, but Mac users could still be affected and should update out of an abundance of caution. Affected versions of Flash Player for Mac: Adobe Flash Player version 23.0.0.185 and earlier Adobe Flash Player for Google Chrome version 23.0.0.185 and earlier Mac users running Flash Player 11.3.x or later who have selected the option to "allow Adobe to install updates" will receive the update automatically. Likewise, Google Chrome will automatically update Flash Player to version 23.0.0.205. Select "About Google Chrome" under the Tools menu to verify the browser is up-to-date. Safari on macOS Sierra deactivates Flash by default, only turning on the plug-in when user requested. Chrome, Firefox, and most other modern web browsers also have web plug-in safeguards in place due to repeated security risks. Adobe has released a dozen Flash Player security

Adobe Releases Critical Security Update for Flash Player on Mac

Adobe has released security updates for Flash Player that address critical vulnerabilities that could put Mac users at risk. Flash Player version 23.0.0.162 and earlier, Flash Player Extended Support Release version 18.0.0.375 and earlier, and Flash Player for Google Chrome version 23.0.0.162 and earlier are affected on macOS Sierra and OS X. Mac users should update to the latest Flash Player version through the built-in update mechanism, or by visiting the Adobe Flash Player Download Center. Mac users running Flash Player 11.3.x or later who have selected the option to "allow Adobe to install updates" will receive the update automatically. Likewise, Google Chrome will automatically update Flash Player to version 23.0.0.185. Safari on macOS Sierra deactivates Flash by default, only turning on the plug-in when user requested. Chrome, Firefox, and most other modern web browsers also have web plug-in safeguards in place due to repeated security risks. Similar critical security updates were issued in March, for example, while Adobe released an "emergency" Flash Player security update in April to address ransomware attacks affecting Flash-based advertisements on Mac and other platforms. Ransomware is a type of malware that encrypts a user's hard drive and demands payment in order to decrypt it. These type of threats often display images or use voice-over techniques containing instructions on how to pay the ransom. The latest vulnerabilities, discovered by Palo Alto Networks, Trend Micro, Tencent, and other researchers, could lead to nondescript "code

Google Chrome 53 Browser to Block Flash Content By Default

Google announced yesterday that it will "de-emphasize" Adobe Flash in its Chrome browser in favor of HTML5 from next month. As of Chrome 53, whenever the web browser comes across a site that loads Flash "behind the scenes" it will block the offending content and switch to the faster HTML5 web standard whenever it is available. Google notified users of the change to its browser's behavior ahead of time in a blog post: Today, more than 90% of Flash on the web loads behind the scenes to support things like page analytics. This kind of Flash slows you down, and starting this September, Chrome 53 will begin to block it. HTML5 is much lighter and faster, and publishers are switching over to speed up page loading and save you more battery life. You'll see an improvement in responsiveness and efficiency for many sites.In December, Chrome 55 will make HTML5 the default experience, except for sites which only support Flash, in which case users will be prompted to enable it on initial visit. The move is another nail in the coffin for Adobe's web standard, which used to serve the majority of online media content before former Apple CEO Steve Jobs decided not to support it on the iPhone. In Safari 10, set to ship with macOS Sierra, Apple plans to disable Flash by default, along with Java, Silverlight, and QuickTime, in an effort to focus on HTML5 content and improve the overall web browsing experience. The plug-in has long been problematic for Apple, requiring frequent security fixes and forced updates to patch a stream of vulnerabilities. Chrome can be

Apple Once Again Blocks Older Versions of Adobe Flash Player Due to Vulnerability

Last week Adobe issued a security advisory for Flash Player, indicating that version 21.0.0.242 and earlier had a critical vulnerability that could potentially cause a crash and allow an attacker to take control of the infected system. Adobe issued a fix a couple days later. Apple today published a support document explaining that users with out-of-date versions of the Adobe Flash Player plug-ins will see a "Blocked plug-in," "Flash Security Alert," or "Flash out-of-date" message when attempting to view Flash content in Safari. Plug-ins like Adobe Flash Player have long been an issue for Apple, requiring forced updates and security fixes to patch vulnerabilities. When vulnerabilities arise, Apple has been consistent in blocking older versions of the web plug-ins. Apple is looking to reduce the risk of potential issues with macOS Sierra, in which Safari will deactivate Flash Player and other plug-ins by default in an effort to push the more modern HTML5. To continue using Flash, users must download the latest Adobe Flash Player update from Adobe's website

Safari in macOS Sierra Deactivates Flash and Other Plug-ins By Default

In Safari 10, set to ship with macOS Sierra, Apple plans to disable common plug-ins like Adobe Flash, Java, Silverlight, and QuickTime by default in an effort to focus on HTML5 content and improve the overall web browsing experience. As explained by Apple developer Ricky Mondello in a post on the WebKit blog, when a website offers both Flash and HTML5 content, Safari will always deliver the more modern HTML5 implementation. On a website that requires a plug-in like Adobe Flash to function, users can activate it with a click as can be done in Google's Chrome browser. Most websites that detect that Flash isn't available, but don't have an HTML5 fallback, display a "Flash isn't installed" message with a link to download Flash from Adobe. If a user clicks on one of those links, Safari will inform them that the plug-in is already installed and offer to activate it just one time or every time the website is visited. The default option is to activate it only once. We have similar handling for the other common plug-ins. When a website directly embeds a visible plug-in object, Safari instead presents a placeholder element with a "Click to use" button. When that's clicked, Safari offers the user the options of activating the plug-in just one time or every time the user visits that website. Here too, the default option is to activate the plug-in only once.Safari 10 will also include a command to reload a page with installed plug-ins activated to give users additional options for controlling the content that's displayed, and there are preferences for choosing which plug-ins

Adobe Issues 'Emergency' Flash Player Security Update for OS X to Address Ransomware Attacks

Adobe has issued Flash Player security updates for OS X, Windows, Linux, and Chrome OS to address "critical vulnerabilities that could potentially allow an attacker to take control of the affected system" by way of ransomware. Ransomware is a type of malware that encrypts a user's hard drive and demands payment in order to decrypt it. These type of threats often display images or use voice-over techniques containing instructions on how to pay the ransom. In this particular "CERBER" attack (via Reuters), affecting Flash-based advertisements, attackers have reportedly demanded between around $500 and $1,000, to retrieve the encrypted files. Adobe says it is aware of Windows 10 being "actively exploited" by this attack, but it is unclear if any Macs have actually been victimized. Just last month, popular BitTorrent client Transmission was temporarily infected with the first ransomware found on the Mac platform. Currently, all servers hosting these malvertisements are now inaccessible. Some reports mentioned that CERBER is being peddled in the Russian underground market as ransomware-as-service (RaaS). This not only proves the suggestion presented by the configuration file’s code above, but also confirms that we will be seeing more of CERBER in the near future.Adobe recommends that Flash Player users on Mac update to version 21.0.0.213 through the update mechanism within the software when prompted, or by visiting the Adobe Flash Player Download Center. Adobe Flash Player installations within Chrome, Microsoft Edge, and Internet Explorer for Windows 8.1 or later should

Adobe Releases Flash Player Update for 'Critical' Security Vulnerability on Mac

Adobe has released security updates for Flash Player that address critical vulnerabilities that "could potentially allow an attacker to take control of the affected system." Adobe is aware of "limited, targeted attacks" on OS X, Windows, and Linux. Adobe lists the affected Flash Player and AIR versions in a security bulletin on its website. Mac or PC users running an affected version should immediately uninstall the web plugin or update their installation to the newest version outlined on Adobe's website. Apple blocks many older or vulnerable versions of web plugins from functioning, including Adobe Flash and Java, to help limit exposure to potential "zero day" exploits. The web plugins remain blocked in Safari until you install the latest updates. Chrome, Firefox, and most other modern web browser also have web plugin safeguards in place due to the high number of past security

Apple Forces Users to Upgrade to Newest Adobe Flash Player to Patch Vulnerabilities

Apple yesterday posted a new support document and sent an email to its security mailing list noting that it is now requiring all OS X users to upgrade to the latest version of the Adobe Flash Player plug-in for Safari to address potential security vulnerabilities. The company is blocking all older versions Adobe Flash Player prior to 16.0.0.305, and users with an out-of-date version of the plug-in will see messages like "Blocked plug-in" or "Flash out-of-date" when attempting to view Flash content within Safari before updating to the newest version. For users who are on systems that are not able to run Flash Player 16, there is an update to Flash Player 13 (13.0.0.269) that addresses the latest vulnerabilities.APPLE-SA-2015-02-05-1 OS X: Flash Player plug-in blocked Due to security issues in older versions, Apple has updated the web plug-in blocking mechanism to disable all versions prior to Flash Player 16.0.0.305 and 13.0.0.269.The 16.0.0.305 and 13.0.0.269 updates were released by Adobe on February 5 to fix a zero-day vulnerability that was being exploited by hackers against Windows