adobeflash
Latest
Fake Flash updates upgrade software, but install crypto-mining malware
According to cybersecurity firm Palo Alto Networks, it discovered a fake Flash updater that has been duping conscientious computer users since August. The fake updater installs files to sneak a cryptocurrency mining bot called XMRig, which mines for Monero. But here's the catch, while the fake updater is installing the XMRig malware, it's also updating the user's Flash.
New ransomware is causing major issues across Europe and Russia
There's a new ransomware making the rounds today with confirmed targets in Russia, Ukraine, Turkey and Germany. Kaspersky Labs says that nearly 200 victims have been hit with the ransomware that's been dubbed Bad Rabbit.
Latest Adobe Flash vulnerability allowed hackers to plant malware
Adobe Flash may be on its way out, but apparently, its goodbye tour is going to be marred by security issues just as the software has for most of its existence. Kaspersky Labs reports that a new Adobe Flash vulnerability was exploited by a group called BlackOasis, which used it to plant malware on computers across a number of countries. Kaspersky says the group appears to be interested in Middle Eastern politics, United Nations officials, opposition activists and journalists, and BlackOasis victims have so far been located in Russia, Iraq, Afghanistan, Nigeria, Libya, Jordan, Tunisia, Saudi Arabia, Iran, the Netherlands, Bahrain, United Kingdom and Angola.
Flash was useful, but developers are glad it’s on the death march
Earlier this week, Adobe announced it would cease support and development of Flash at the end of 2020, a decision that had many people saying, "Finally." The "Flash is dead" rhetoric has been around for years, and people like Facebook's chief security officer, Alex Stamos, have called for Adobe to set an end-of-life date for some time. Well, it finally has, and Adobe tells Engadget that the transition out has been planned for several years.
Homestar Runner is back with a few laughs before 2016 ends
The internet felt like a kinder, simpler place during Homestar Runner's heyday. As if to combat all the bad vibes 2016 has given the world, we have a new video featuring Homestar and shirtless luchadore Strong Bad reading a children's book about a sports competition. Predictably, it's incredibly charming. Without giving too much away, there are some solid Mr. Mister and Night Ranger references, as well as a gag about the obsolescence of Adobe Flash.
Apple will deactivate Flash by default on Safari 10
You know that Maya Angelou quote that says "Never make someone a priority when all you are to them is an option?" If Flash were a person following that tenet, then it now has to drop Safari from its dwindling list of priorities. In a post on the WebKit blog, Apple engineer Ricky Mondello has revealed that the company is deactivating Adobe Flash by default on Safari 10. That's the version of the browser shipping with macOS Sierra this fall.
Adobe warns of 'critical vulnerability' in Flash
The general consensus on Adobe Flash is that it's no longer good for anyone. In 2010, Steve Jobs' wrote an open letter about the software, stating it fell short in many areas and wasn't ready for the mobile era. Facebook's newly appointed security lead, Alex Amos, added fuel to the fire recently by saying Adobe should announce an end-of-life date for Flash soon. And Adobe isn't helping its cause. To make matters worse, the company has now found a critical vulnerability in Flash Player which, if successfully exploited, "could cause a crash and potentially allow an attacker to take control of the affected system." According to Adobe's security bulletin, this issue affects version 19.0.0.207 (and earlier) on Mac, Windows and Linux computers, adding that it is aware of a report claiming the exploit is "being used in limited, targeted attacks." Adobe says it's working on a fix, and it could be available as early as October 16.
Malicious ads on major websites held users' files to ransom
A widespread attack has exposed millions to malware that holds files to ransom. The campaign, which was first detected a month ago, placed fake adverts on websites such as Yahoo, AOL and The Atlantic that installed so-called "ransomware" onto a victim's computer. The attackers stole assets from the likes of Case Logic, Bing and Fancy in order to make the malicious ads appear real, but once a computer becomes infected, things get very bad, very fast, for victims.
Daily Update for October 24, 2013
It's the TUAW Daily Update, your source for Apple news in a convenient audio format. You'll get all the top Apple stories of the day in three to five minutes for a quick review of what's happening in the Apple world. You can listen to today's Apple stories by clicking the inline player (requires Flash) or the non-Flash link below. To subscribe to the podcast for daily listening through iTunes, click here. No Flash? Click here to listen. Subscribe via RSS
Safari blocking outdated Flash plug-ins due to security holes
Adobe recently issued a security update for Flash Player which patches an exploit that gave hackers the ability to take over a vulnerable system. Not leaving things to chance, Apple is now rolling out a hotfix for Safari that blocks outdated versions of the tainted web plug-in. If your system hasn't been patched yet, you may receive a notification when attempting to access Flash-based content. The prompt will then advise that a new software version is available. If you're running OS X 10.6 (Snow Leopard) or higher and Safari is your browser of choice, you may want to nab this update from Adobe. Otherwise the next time you go online, the internet might be a far cry from what you're used to seeing.
BBC Media Player to give Android users their iPlayer fix in a mostly Flashless world
Remember how the BBC was asking Adobe to keep Flash for Android on life support for a short while? The broadcaster just removed any doubts as to why with the launch of BBC Media Player, its solution for that day when the mobile plugin is well and truly buried. Starting with iPlayer on the mobile web and moving on to both radio as well as an updated version of the Android app due next week, the BBC will be using close Flash cousin Adobe AIR for streaming playback on Android phones and tablets. It can't quit Flash technology cold turkey given the sheer number of devices still running Gingerbread or earlier, which rules out HTTP Live Streaming for now. Media Player isn't necessarily the most elegant solution -- we're seeing reports of sub-par video and other hiccups -- but it will keep those episodes of Doctor Who rolling on most Android hardware and let the BBC push out updates that address as many of the Google-inclined as possible.
Microsoft confirms Flash vulnerability fix for Internet Explorer 10 coming soon
Microsoft has just announced that it will be providing security patches for the Windows 8 IE10-specific version of Flash, despite the software giant initially suggesting it wouldn't. The patch will be available "shortly," and hints at a return to the update cycles of old. More significantly, as ZDNet points out, unless Microsoft coordinates these releases with Adobe, there could be a constant cycle of IE10 being vulnerable in the future. On a positive note, the fix should be released before Windows 8 goes prime time, but for those who jumped on board early, you might want to keep one eye locked on the update page, and get it when it lands.
Flash for Android briefly returns to Google Play Store in UK, zombie-style
Adobe was last seen burying mobile Flash and moving on with its life. Like the stars of George Romero movies, however, Flash is back to walk amongst the living -- if just temporarily. The developer tells the BBC that Flash for Android is back in the UK's Google Play Store for a short while after "strategic partners" pushed it into action, including the British broadcaster. While the link isn't explicitly confirmed, it's strongly implied that the BBC and others want a little more time to wean Android apps like iPlayer off of their Flash dependency and toward web technologies like HTML5. Adobe is quashing any hopes of a permanent revival with a disclaimer that there's no support for the download; any bugs will remain there forever. Those attached to their dearly departed plugin may still appreciate one last look before the code is once more put six feet under. [Thanks, Kevin]
Epic Games' Unreal Engine 3 now working on Linux through Google Chrome, more or less
A Holy Grail of Linux gaming has been an Unreal Engine 3 port. Getting one for the OS would unlock a world of games that has been the province of, well, just about any other mainstream platform. Thanks to Google preserving Flash on Linux through Chrome, that dream is alive in at least a rudimentary form. Experimenters at the Phoronix forums have found that Chrome 21 has support for the Stage 3D hardware acceleration needed to drive Epic Games' Flash conversion of UE3. Tell Chrome to enable support as well as ignore a graphics chip blacklist, and suddenly you're running Epic Citadel from your Linux install. When we say "running," however, we're taking a slight amount of poetic license. Performance isn't that hot, and certain configurations might not show the medieval architecture in all its glory. We've confirmed with Epic that it works, but it's still firm on the stance that there's no plans for official UE3 support on Linux "at this time." It's still promising enough that maybe, just maybe, gamers can embrace an open-source platform without having to give up the games they love.
Mobile Miscellany: week of August 13th, 2012
Not all mobile news is destined for the front page, but if you're like us and really want to know what's going on, then you've come to the right place. This past week, Clove teased the October arrival of the black Samsung Galaxy S III and a security vulnerability was uncovered for Android's pattern unlock feature. These stories and more await after the break. So buy the ticket and take the ride as we explore the "best of the rest" for this week of August 13th, 2012.
PSA: Adobe halts new installs of Flash on Android as of tomorrow
Adobe has been broadcasting as much as possible that Flash on Android is going away, although it's been offering a grace period for those addicted to the plugin. It's now time to wean yourself off. As Adobe warned earlier in the year, new installations from Google Play won't be an option from August 15th onwards. Any downloads after that point will be limited to updates for existing installations or to those willing to raid Adobe's archives -- assuming would-be users aren't already running Android 4.1, that is. While we'd still expect Flash to preserve some of its relevance in mobile as long as phones ship with it preinstalled, and alternatives like Skyfire persist, we'd strongly suggest getting comfortable with HTML5 and native apps from now on.
Chrome 20 browser released: exclusive 64-bit Linux Flash, fewer MacBook crashes
If your new MacBook is having kernel panics, or you're forced to run a 32-bit browser in Linux because you need Flash, Google's brought relief with version 20 of Chrome. While acting sheepish about "yet another release," the Chrome Blog said "hundreds of bugs" were fixed, including a MacBook resource leak issue which was temporarily patched by disabling some GPU features. Also, Linux users will finally get full 64-bit support for Flash with Adobe's PPAPI "Pepper" version, but since it was made exclusively for Chrome, Penguin users will be stuck with that browser if they want the feature. To get it, check the source after the br... oh, right, background update. Nevermind.
Adobe confirms it won't support Flash on Android 4.1, stops new Flash installs from Google Play on August 15th
Adobe was very public about dropping mobile Flash last fall. In case that wasn't clear enough, the developer just drew a line in the sand: Android 4.1 doesn't, and won't ever, get certification for Flash. The company is stopping short of saying that Flash won't run, but it's evident that Adobe won't help you if the web browser plugin doesn't install (or breaks in spectacular fashion) on that Nexus 7. Just to underscore the point, the firm is also halting new installations of Flash from Google Play as of August 15th. Security updates and other vital patches will continue on for existing users. Any fresh downloads after that fateful day, however, will have to come from Adobe's mausoleum for old versions. The company had already said that HTML5 was the way forward on phones and tablets -- now we know just how quickly it's backing up that claim.
Adobe Flash 11.3 checks in with security fixes, OS X silent updater and Firefox sandbox in tow
While feverishly revamping Flash with the all-new Next version -- to keep HTML5 from killing it -- Adobe is still plugging the current incarnation with smaller updates. To that end, Flash 11.3 just popped out of beta, which sees the company add a few notable goodies for the beleaguered plugin. On top of filling seven critical security holes, Adobe added a background updating feature for Mac OS X and signed the code in preparation for compatibility with Mountain Lion. That way it'll align it with the upcoming Gatekeeper feature in the next OS X release, though you'll have to dial its max security down one notch to get it. Lastly, sandboxing -- already in Chrome -- has been tacked on to Firefox as well, slowing hackers by isolating the plugin from critical system processes. All that fresh duct tape and polyfill should keep Flash rattling along -- until Adobe can pull the gleaming Next platform out of the hangar. Meanwhile, click the source for the download links.
Windows 8's Metro version of IE 10 may keep Flash for edge cases
Microsoft triggered some weeping and gnashing of teeth with its decision to keep Flash out of the Metro environment's Internet Explorer 10 browser in favor of HTML5, and it looks like that outpouring of grief has produced a compromise -- albeit with a catch. Leaks of the upcoming Windows 8 Release Preview purport to show Flash running on IE10 in the new interface, but only for certain popular sites (such as Disney's) that can be trusted with Flash and don't have an easy HTML5 fallback. The company hasn't confirmed the change, but it's thought that Microsoft has skipped the familiar plugin route in favor of just coding Flash support for a few sites at a low level. If that's what we see when the Release Preview goes public in June, it could serve as a bridge for parents worried their kids will miss out on Where's My Water? games while preserving a browser that's overall leaner, meaner and safer. We wouldn't hold out much hope for Windows 8 RT tablets running ARM chips, though, knowing that backwards compatibility doesn't exist and that Adobe might not be keen to revive Flash-on-ARM support it's trying to wind down.
