Notes from the Net – July 2015

by Doris Beetem

Gone in a flash? Facebook says Adobe’s plug-in is a security risk no longer worth taking

by Brett Murphy

July 13, 2015 4:08 PM PDT

Updated: July 14, 2015 6:14 AM PDT

http://www.cnet.com/news/gone-in-a-flash-facebook-says-adobes-plug-in-is-a-security-risk-no-longer-worth-taking/

Adobe Systems’ Flash software has come under fire yet again after Facebook security chief Alex Stamos called for the end of the animation software a week after cyberthieves released 400GB of internal documents stolen from HackingTeam, a Italian security company that helps governments and other organizations steal information..

On Monday, browser maker Mozilla piled on. In a feisty tweet, its head of Firefox support, Mark Schmidt, declared that Flash is “blocked by default in Firefox as of now.” The organization clarified in a statement that “we have only disabled the current version of Flash, not all versions and not forever.”

Adobe on Tuesday posted a security bulletin with an updated version of Flash and a response to the vulnerabilities. Firefox soon after lifted the default block, allowing for the newest version of Flash to run after you download it. The “outdated” Flash plugin is still blocked.

It also released two updates to patch the remaining Flash Player vulnerabilities on Windows, Mac, and Linux.

Users can follow the online instructions for upgrading their software. Adobe is working with browser vendors, like Mozilla, to encourage users to stay up-to-date with the latest security updates.

Related stories

Flash was once the de facto website standard to run games, stream video and deliver animation over browser software. Flash ran on more than 800 million mobile phones manufactured by 20 handset makers. The exception was Apple, which banished Flash from iOS, the operating system that powers the iPhone and iPad, and stopped preinstalling the software on Mac computers. These days, Flash is on the wane as more in the online video industry turn to HTML5, a developing language that can run graphics without plugins. But while it’s fading, Flash is still used on 23 percent of the 483,000 Web pages tracked by the HTTP Archive, a resource for Web developers.

Removing Flash from browsers would break much of today’s Web. That’s why browser makers such as Google and Microsoft have granted Flash special status even as they try to wean the Web from it and other browser plugins. According to Adobe, more than 500 million devices are “addressable today with Flash technology” and 110 million websites run the plugin.

 

What Is Adobe Flash, and How Can You Get Rid of It?

By Sean Captain July 15, 2015

Yahoo Tech

https://www.yahoo.com/tech/what-is-adobe-flash-and-how-can-you-get-rid-of-124087958879.html

Google and Mozilla each announced this week that their Web browsers will be dropping default support for Adobe Flash, citing the plug-in software’s newly discovered vulnerabilities to cyberattacks.

Why is Flash a problem?

Computer scripts written in Flash can directly access the memory on your computer, which is just inviting attacks, or “exploits,” says Chase Cunningham, a cyberthreat expert at security company FireHost. “Anytime a site is able to access your computer’s memory, it’s able to make changes on the local machine itself [your PC].”

Flash has long been one of the biggest attack methods of choice for cybercrooks and spying governments, as security vulnerabilities turn up on an almost daily basis. Flash also uses up a lot of computing resources and can bog systems down. “We … know firsthand that Flash is the number one reason Macs crash,” wrote Steve Jobs in an Apple blog post from April 2010.

Do I have Flash on my computer?

“I would say probably 97 to 98 percent of systems out there have some version of Flash running on them,” said Cunningham. You can visit this page on Adobe’s website to see if the computer you’re using has Flash installed.

What about my phone?

Chances are good that Flash is not on your smartphone or tablet.

Apple completely banned Flash from its mobile devices running the iOS operating system, such as the iPhone, iPad, and Apple Watch.

In 2012, Adobe dropped support for Android, and Flash has been absent since Android 4.1 (Jelly Bean), which came out that same year. (Adobe also dropped support for BlackBerry and Windows Phone.) If you have an iPhone, or any other smartphone bought in the past couple of years, you don’t have Flash.

How do I get rid of Flash?

For Internet Explorer, follow Microsoft’s instructions for how to turn off or remove add-ons.

For Chrome, see Google’s instructions specifically for disabling Flash Player.

If you have Safari on a Mac, follow Adobe’s own instructions for removing it.

For Firefox, type “about:addons” into the browser’s address bar, click Plugins on the left side of the page, scroll down to Shockwave Flash, then click the dropdown menu on the right and select Never Activate. With Firefox, you can also install a Web browser extension called NoScript, which blocks not only Flash but also other scripts that attackers can exploit, such as JavaScript.

If a website requires Flash to display videos or animation, you will need to install Flash to watch it. There’s no way around that.

It’s typical for Flash-based sites to display alerts when they detect that Flash is not installed.

All the popular Web browsers allow you to temporarily install or enable Flash for only the times you happen to need it. So if you’ve installed Flash to view a website (many U.S government sites use it, for example), it’s probably a good idea to disable it as soon as you are done there.