Security issues with Flash Player and Firefox

Topic

New Reply

---

Field Notes

Security issues with Flash Player and Firefox

By Tracey Capen A new and critical vulnerability puts Adobe Flash Player users at immediate risk. Also: Microsoft makes OneDrive less attractive for free users, and a new report shows how Firefox extensions might be too unsecure to use.

---

The full text of this column is posted at windowssecrets.com/top-story/security-issues-with-flash-player-and-firefox/ (opens in a new window/tab).

Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

Reply | Quote

Replies

Note that the new version of Flash fixes 24 vulnerabilities that would presumably have been addressed in the regular Patch Tuesday release. (April’s is due out today.)

But today’s Monday. :confused:

Reply | Quote

New Firefox version out: https://www.mozilla.org/en-US/firefox/45.0.2/releasenotes/

Reply | Quote

For that layman’s description of how the exploit works, I recommend reading Ars Technica’s April 5 article.

Which layman? :confused:

Reply | Quote

… and my PC shows the Flash Player 21.0.0.213 update was installed automatically on the 8th.

Reply | Quote

I have Kaspersky Internet security and use the ad blocker feature. It is listed in Firefox extensions. All other extensions are disabled. Is Kaspersky strong enough to prevent any invasion?
My Flash Player has been updated automatically.

Reply | Quote

Is Kaspersky strong enough to prevent any invasion? My Flash Player has been updated automatically.

If you have Flash Player set to update automatically then it should now be at version 21.0.0.213 (except for Google Chrome which has been updated to 21.0.0.216) and you are protected from this particular vulnerability.

You should be able to check this by going to the Control Panel and running the Flash Player applet.

44152-cpl-flash
Click to enlarge

On the Updates tab you’ll see the current version(s) of Flash Player installed on your device.

44153-cpl-flash1
Click to enlarge

If you click on the Check Now button your default browser will open an Adobe web page showing the latest version numbers for all the different flavours of Flash Player.

This means that, irrespective of what antivirus product you are using, Flash Player itself isn’t vulnerable to the current exploit.

(Note that the Flash Player auto-updater doesn’t appear to delete the previous version of Flash Player immediately but – instead – waits until you reboot, i.e. the files (executable and DLL) are flagged in the registry for delete on reboot. The auto-update process should re-direct all calls to the new version of Flash Player but, if you’re being really cautious, it’s a good idea to reboot to get rid of the old version files completely.)

Hope this helps…

Reply | Quote

I have Flash, like all other software, notify me before installing. Nothing more annoying than software suddenly updating in the middle of something.

However, I rarely actually get notified. Usually I find out from WinSecrets or similar. Annoying they don’t notify with the same priority.
Same happened here. 4 days later and no notification. It’s not like nothing has used Flash in the meantime.

Reply | Quote

I agree – we should see an upgrade to extensions in Firefox. It’s one of it’s prominent features and I use a bunch of them.

It would make the browser much less useful without them. But I can note that you still have to install the compromised extension. Safe practices should avoid any issues.

Reply | Quote

One Drive? Is that one of those “cloud” products that I’ve been avoiding since they came out? Of course this problem is totally expected.

I live in Oregon. We are very familiar with clouds. They change constantly. Who in his right mind would ever trust his valuable data to a cloud? No one.

If you are a teenager or maybe in your 20s a few years may seem like an eternity, but I’m here to tell you that it’s not. Don’t trust your data to any medium over which you have no control. You might lose it if you are poor at doing backups on your own, but you will lose it for sure if you trust it to someone else for safekeeping. You will. Not “you might”, but you will lose it.

Companies come and go, policies change with management changes, offers and deals change with the economy, and technologies change constantly. Clouds go poof! in the heat of the sun or of the competition or in the fires of corporate hell. I can still print my old B&W negatives. (And I’m not even near to retirement age, yet.) And I still have my own backups of my own data disk with way too much old crap stored there. Maybe losing all of your data once in a while is a small price to pay for a free cleanup. But if you want to keep it, keep it under your own control. Because you are the only one who really cares what happens to it.

Reply | Quote