Multi platform exploit working with up to the latest version of flash player actively being exploited in the wild. Security update predicted for April 7.
Why do several platforms/browsers come with this thing integrated?
http://thehackernews.com/2016/04/adobe-flash-update.html
https://helpx.adobe.com/security/products/flash-player/apsa16-01.html
>A critical vulnerability (CVE-2016-1019) exists in Adobe Flash Player 21.0.0.197 and earlier versions for Windows, Macintosh, Linux, and Chrome OS.
>Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier.
>Adobe is planning to provide a security update to address this vulnerability as early as April 7.
>as early as
>early
On a related note, what are your opinions concerning webassembly? Will it lead to the same class of issues?
>using Flashit
Is it 2008 again?
>>53905275
Seriously anon, that's the best pun you could come up with?
I haven't had a system with flash in 5 years. My video viewing is done on my WiiU through the YouTube app or Netflix app and my Android Kodi box.
It's fucking nothing!
>>53905370
Use HTML5, ya doofus. The Wii U YouTube and Netflix apps are terrible.
>>53905413
Actually the netflix app for the wii u isn't half bad. It doesn't really take advantage of the screen on the controller like the amazon instant video app but it isn't a painfully slow and retarded piece of crap like the amazon instant video app either.
>>53905044
I see Adobe is hard at work keeping up their “1 RCE exploit per month” quota.
>>53905044
b-but muh super deepthroat
>>53905275
Chrome browser
Windows 8/10
OEM Android versions
etc
All with flash integrated into them now. Why?
>>53905569
>Chrome browser
it's not even flash, it's their own pepperflash that's supposed to be more secure and performant.
>windows 10
man I didn't realize it but I don't remember having to install flash after installing windows. that blows
>OEM Android version
no phones have ever included adobe flash, it stopped being updated and doesn't work without heavy patching. I don't think it works at all after kitkat.
OH WOW NOW WE GET FREE INFECTIONS OF THE LATEST TESTLA-CRYPT AND WHATEVER BOTNET IS POPULAR NOW
THANK YOU ADOBE & THE FLASH PLAYER TEAM. TRULY GREAT WORK, AS USUAL.
>>53907305
Man that filename is not joking, that is one sexy man.
>>53907162
Pepper is the plugin interface.
>>53905044
bsd here
YAWN
>>53907599
Yeah and their implementation of flash on top of the pepper plugin API is called pepperflash, right? Last time I checked it wasn't adobe flashing running in chrome, but I haven't been paying close attention to the flash scene because it's a load of crap.
>>53908184
I though pepperflash was the pepper version of flash like in following link, item 8, third option:
https://helpx.adobe.com/flash-player/kb/installation-problems-flash-player-windows.html#main-pars_header
As for Chrome specifically, I am not sure.
>>53908464
That is really weird.
Debian's page for pepperflash seems to imply it's separate from adobe flash and bundled tightly together with chrome. https://wiki.debian.org/PepperFlashPlayer
I can't seem to find any clear answer on what exactly pepperflash is and who created it though.
>>53908707
I'm not familiar with whatever that is but there are definitely alternate implementations of the flash runtime. No idea if they are actually more secure though