New security advisory:
https://helpx.adobe.com/security/products/flash-player/apsb16-01.html
Overview of all the CVEs:
http://www.cvedetails.com/product/6761/Adobe-Flash-Player.html?vendor_id=53
Daily reminder to stop using Flash:
http://occupyflash.org/
chrome's flash was already auto updated to a newer version
>>52117991
>Implying security advisories are the only applicable vulnerabilities to software
>What are companies like Hacking Team?
0/10
>>52117991
You just updated to new vulnerabilities, lad. Check https://helpx.adobe.com/security.html#flashplayer again in a couple of weeks and remember what I said.
>>52118000
If you're going to start fear mongering over undisclosed vulnerabilities, you should consider a new hobby.
>>52118032
It's not fear monger if it's true.
BOTNET
O
T
N
E
T
>>52118028
Nah, the recent fixes were the last remaining security issues in Flash.
Flash is secure now.
>>52118032
>If you're going to start fear mongering over undisclosed vulnerabilities, you should consider a new hobby.
May I quote this in 1 week when the next round of Flash exploits is published?
>>52118028
And a new patch will be released within hours. These vulnerabilities are utterly trivial until they're exploited en masse. Not worried about the damage one pencil neck dweeb will do.
>>52118042
TFW when this list will only get bigger.
>>52118050
Knock yourself out champ.
>>52118072
Time for you to get worried.
>>52118086
>fear mongering
newflash: every aspect of your software is vulnerable. unless your software isn't releasing security patches, or you're a PoI, you have about as much to fear as a piano falling out of the sky and crushing you to death.
When was the last 0day which wasn't affecting flash 11 and older too?
Can't remember.
Pretty much every vuln discoverd also affected flash 11 and older, and thus all the code made by Macromedia.
Poor Adobe gets the bad rep because of the CS-graduates who worked at Macromedia.
>>52118106
>Devil's advocate
Here's the inside scoop, matey. Some software is definitely more vulnerable than others. Flash being the epitome of vulnerable software by now.
There are people that still use flash?
>>52118148
more vulnerable to what? another security expert finding a vuln? it's not how easy it is to find exploits that matters because your average cracker has no fucking clue how to do that. they take the work already done by real experts and use it to spread malicious code. that means that unless your software isn't being patched, there's virtually nothing to fear. it's blatant fear mongering and nothing else.
>flash
>>52117905
2016 still using flash.
>>52118163
More vulnerable to being exploited due to sloppy programmers, don't defend the indefendable. Flash is too much a risk, for years now. Crackers *will* find out how to exploit a vulnerability, especially for Flash nowadays. http://malware.dontneedcoffee.com/2015/12/angler-ek-is-exploiting-flash-1900245.html
>2016
>using flash
>he doesn't play flash games
poor sad fucks tbqh
Why don't they trash the entire thing already
Flash is a fucking joke.
Hire some white people, and rewrite it so it's not shit
>>52118732
gnash tries to do that, help them if you want to change something.
>>52117905
Flash and Java. Two shits!
>>52117905
What sites still use flash that isn't a porn site?
>>52120814
I like you.
>>52120835
Besides porn, I honestly don't know.
>>52118701
Most flash games suck and I can live without being able to play flash games.
Someone should tell clem and Canonical to stop including Flash in Mint/buntu. If Apple and Google can get away with not packaging it, then they can too.
>>52117905
Haven't uninstalled flash yet, but got the thing set to a "turn on as needed" basis.
>>52117905
This video right here is why you never use Adobe Flash Player
https://www.youtube.com/watch?v=jaTwcomdYWM
>>52120891
>Someone should tell clem and Canonical to stop including Flash in Mint/buntu
They'll remove it once native flash is no longer updated in 2017.
>249 CE's in 2015 alone
Jesus christ. People actually still use this?
>>52118000
>italian faggots watching burger pussy porn
>>52120954
Sauce, mate?
>>52117905
>http://occupyflash.org/
lol, who is the autistic looser made this site?, anyway html 5 is slow as fuck in some movile devices and is not so good like was flash(animating/programming content). which good alternative we have for interactive animations on browsers?
>>52122131
iFaggot detected.
>>52118381
yes, they will find out how to exploit it weeks later meanwhile a patch was rolled out within hours. the way malware spreads isn't through flash exploit researchers its through unpatched systems, poor security practices and a general lack of security knowledge.
>using nonfree as in freedom software
wtf is wrong with you plebs?
I don't even have flash installed on this computer. Most everything works except for some shitty news websites lacking video.
>>52123198
mpv+youtube-dl make up for that
>>52123373
To be honest I hate those videos on news websites anyway, why the fuck do they all autoplay? If I want to watch a video instead of reading the story I'll click the "play" button. I know I can disable autoplay in firefox's settings but still...
>>52123418
with open with (the plugin) and correctly installed mpv with youtube-dl you can right-click and open just about everything with mpv. this way you have the choice.
>>52121178
I'm just assuming they'll remove it. Linux flash (the non chrome flash) will stop being updated in 2017 and I highly doubt they'll still supply people with an outdated and no longer updated flash player.
Why does everyone hate flash so much? How bad can these vulnerabilities be? Aren't you fucks the least bit sad that flash is ridiculed so much?
Flash, you know, the thing that you used to play all those awesome newgrounds games in your youth???
It's like you don't even care about your childhood.
No trolling either.
click to play.
how am I going to be exposed to a vulnerability that can't run?
you mean the website hosting the content I'm visiting and not some malware infested flash ad is serving me a vulnerability that they had to have added themselves?
well first of all, there's going to be a mess of machines infected because I won't be the only one. secondly, the offending website is going to get buttfucked for offering an exploit up that they intentionally hosted. they will face legal action, get taken offline and be subjected to ridicule to the likes of which has never been seen before.
with my flash plugin perpetually being updated and click to play, this limits my exposure to vulnerabilities to that of any software on my system. I would have to be targeted by an individual or the websites I frequent would have to personally serve the offending code up themselves. none of these things are any more likely than being exploited through any other avenue of software on my system, the ease of flash exploitation is not withstanding.
>>52120944
What a shitty vid, all this does is raise more questions than answers, like what level would it run at and if it affects a proper browser with a sandbox like Chrome/IE
>>52122148
wut? macfags were the first who claimed "flash is bad" just because his god steve blowjobs said it so
>>52124528
>html5 performance problems on mobile
the only devices that have real problems with it are really old phones and iphones.
>>52122992
>Exploits within a week
How could you possibly be OK with this? It's a sysadmin's nightmare to manage devices running Flash and signing off on their security. It's impossible.
>>52123497
I definitely hope so. Sooner than later.
>>52124863
Why would you think I'm speaking from a sysadmins perspective while giving no indications as such?
I would not let flash touch a corporate environment or if I were in the business of content distribution, I would not offer my content in flash.
But as a person needing to view content who can supremely control all the variables (namely that problematic variable that sits between the keyboard and chair), I have no qualms with my own ability to avoid being exploited.
you gotta be completely retarded to even begin arguing this from a sysadmins perspective. I mean they don't even let you use USB ports at many businesses ffs how stupid are you?
>>52125090
>But as a person needing to view content who can supremely control all the variables (namely that problematic variable that sits between the keyboard and chair)
That not all the variables, not even by a long shot and you know it.
>you gotta be completely retarded to even begin arguing this from a sysadmins perspective. I mean they don't even let you use USB ports at many businesses ffs how stupid are you?
Uncalled for mindless accusations, kek.
>>52117905
Flash is better because use cross-platform benefits, "write once, run anywhere"; meanwhile HTML5 is piece of shit because you need write 100 dependencies for streaming video and drag and drop in browsers
>>52125157
>Only care about performance and features
>What is security?
I uninstalled Flash in 2008 and believe it or not, I'm still alive!!!!
AMA
>>52125136
>That not all the variables, not even by a long shot and you know it.
That is absolutely the crux of the matter here. Click to play prevents flash from even running. That means the variable rests entirely on the user you fucking moron.
>Uncalled for mindless accusations, kek.
It's not an accusation. A person has to be completely retarded to argue this from a sysadmins perspective. You are responsible for the damage your users do. The only way you can control the damage they do in this case is to not let them use it, just like USB ports. It's common practice in business and has fuck all to do with your own personal choices.
>>52125194
>Too many uncalled for insults in a pointless attempt to reason your way out of the indefensible.
>>52125234
>say utterly retarded things get called a retard and can't provide a valid retort because none exist
you're essentially arguing that we should all stop using flash because stupid people can't keep malware off their drive. we should also stop using computers then because stupid people will not stop having problems with everything they use.
better yet let's all move to the cloud because your users are too stupid to keep their computer from fucking up
>>52125194
>Click to play
Your whole argument rests on the assumption that the Flash files you choose to execute are safe. Bytecode hosted on servers you don't control, who might be compromised.
>>52120814
>Java
You should differentiate between Java applets, Java desktop applications and Java server applications.
Java desktop applications are at least as secure as C/C++ applications.
Java server applications have a great security track record. It's no coincidence that serious business server applications are using Jva.
Java web applets have an abysmal security track record.
>>52125291
>>say utterly retarded things get called a retard and can't provide a valid retort because none exist
You not acknowledging mine != none exists, you megalomaniacal turd. Flash is too much a risk because it's a cracker's wet dream. There are so many vulnerabilities it's a complete shitshow. Furthermore, it's holding us all back to embrace open standards the communities have worked so hard to create in an effort to make the Web great again.
>you're essentially arguing that we should all stop using flash because stupid people can't keep malware off their drive. we should also stop using computers then because stupid people will not stop having problems with everything they use.
Don't widely assume stuff I haven't even said.
>better yet let's all move to the cloud because your users are too stupid to keep their computer from fucking up
That's insane and you know it.
>>52125321
>Bytecode hosted on servers you don't control, who might be compromised
And guess how that code ends up on compromised servers? It comes via flash ads by large, not by the website host offering the code on their own domain, you fucking idiot.
If a popular website is HOSTING MALICIOUS CODE THEMSELVES, they had to have put it their themselves or be so inept as to have allowed an unpatched vulnerability on their system, outside of flash, to be exploited to allow their host machine to become a host for the offending flash content.
That would mean that any non intentionally malicious flash site would literally had to have been exploited by something OTHER THAN FLASH which undermines your entire argument. If you need to more than flash to exploit flash it's almost like all software is inherently vulnerable.
>>52125399
>Flash is too much a risk because it's a cracker's wet dream
It only becomes a crackers wet dream when there is a known unpatched vulnerability for lengthy periods of time.
Undisclosed vulnerabilities are kept hidden because they only target a limited number of people and then they get patched out. It is to their best interest to only target certain high profile big payload targets so as to keep the vulnerability from being known.
If they offer their vulnerability up on a common website many average people visit and go for big numbers, they not only will make very little in return, their vulnerability will be immediately patched out.
You are so fucking clueless on the nature of vulnerabilities it really makes me wonder why you waste your time typing? Do something productive with yourself you uneducated waste of human space.
>>52125470
>>>52125399 (You)
>>Flash is too much a risk because it's a cracker's wet dream
>It only becomes a crackers wet dream when there is a known unpatched vulnerability for lengthy periods of time.
There are, haven't you learnt anything from the Hacking Team leaks? For exactly this reason the majority wouldn't know of current exploits in Flash, but also software in general.
>Undisclosed vulnerabilities are kept hidden because they only target a limited number of people and then they get patched out. It is to their best interest to only target certain high profile big payload targets so as to keep the vulnerability from being known.
Look, if you're willing to take that chance that's fine with me, but I simply deem it foolish in light of (recent) events.
>You are so fucking clueless on the nature of vulnerabilities it really makes me wonder why you waste your time typing? Do something productive with yourself you uneducated waste of human space.
Again with the uncalled for mindless insults in a pointless attempt to reason your way out of the indefensible.
>>52118042
>Flash is secure now.
I thought this was only a dream. Boy how times change
>>52125565
>There are, haven't you learnt anything from the Hacking Team leaks?
Are you retarded? That's exactly the reason I don't give a shit. I'm not a target of the hacking team, nor is the common flash using pleb. It's higher profile targets that stand to benefit from and any situations outside of this fact reduces my concern even further.
>Look, if you're willing to take that chance that's fine with me, but I simply deem it foolish in light of (recent) events.
Recent events are a proof of exactly the argument at hand. If we didn't know of these exploits, they would not affect us any more than any vulnerability in any piece of software. Vulnerabilities don't remain hidden for long by targeting the masses and Flash is a tool for the masses. A person paying for hacking team services, who owns a profitable website, would be fucking retarded to compromise their profits by hosting malicious code on their website offered by the hacking team.
>Again with the uncalled for mindless insults in a pointless attempt to reason your way out of the indefensible.
Repeating your mantra while offering shit tier arguments makes you look increasingly retarded, retard.
>>52125695
>Are you retarded? That's exactly the reason I don't give a shit. I'm not a target of the hacking team, nor is the common flash using pleb. It's higher profile targets that stand to benefit from and any situations outside of this fact reduces my concern even further.
Anything a company like Hacking Team can exploit is exploitable by any cracker, mate.
>Recent events are a proof of exactly the argument at hand. If we didn't know of these exploits, they would not affect us any more than any vulnerability in any piece of software. Vulnerabilities don't remain hidden for long by targeting the masses and Flash is a tool for the masses.
Right, so now time has taught us they do exists, define for Flash, over an Dover again with each patch. You'd think one would learn from this.
>Repeating your mantra while offering shit tier arguments makes you look increasingly retarded, retard.
I'm not even. Happy Flashing, muppet.
>>52125807
>Anything a company like Hacking Team can exploit is exploitable by any cracker, mate.
No, it isn't.
>Right, so now time has taught us they do exists, define for Flash, over an Dover again with each patch. You'd think one would learn from this.
The long history of Flash exploits is possibly unmistakable proof of my exact argument. You would think with such a history of exploits it would be IMPOSSIBLE to have flash on your system, visit flash sites and not be exploited yet that's not how it works and the average cracker has no clue what to do with them because they wait for vulnerabilities to become known or common knowledge then hope to snare the idiots who don't patch their systems.
>I'm not even. Happy Flashing, muppet.
Kill yourself you retarded shit eating faggot.
