The year for Flash started with the CVE-2015-0310 security bulletin and the corresponding fix, version 22.214.171.1247. Just as that fell into our hands, Adobe warned about yet another flaw with CVE-2015-0311 and delivered 126.96.36.1996 to the world. Now, in an effort to make this more humorous, Adobe has released CVE-2015-0313 along with the 188.8.131.525 update.
These rapid-fire, back-to-back problems are irritating. The issue is compounded by the hoops one has to jump through to update Flash. The Adobe Update tool only updates Internet Explorer or your Plugin Browser (e.g. Firefox), but not both at the same time. The updater also has a nasty habit of only checking for new builds after a full login—not after returning from sleep. Windows 8 and 8.1, meanwhile, rely on a completely different mechanism that pushes out Internet Explorer Flash updates via Windows Update. Your Plugin Browser in Win8 or 8.1 requires a manual update. And Chrome, unlike Firefox and IE, receives its Flash updates through a browser update mechanism. Got all that?
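Because the Internet Explorer (ActiveX) and plugin-browser (NPAPI) builds update independently, it is worth checking each one rather than trusting the updater. The following is an added example, not part of the original article: a PowerShell audit that reads the file version of each installed Flash binary and compares it to a minimum build you supply from Adobe's bulletin. It assumes the default `Macromed\Flash` install directories and does not cover Chrome's bundled copy, which updates with the browser.

```powershell
# Added example (not from the original article).
# Usage: .\Test-FlashBuild.ps1 -MinimumVersion <fixed build from Adobe's bulletin>
# The script name is hypothetical; the directories below are the assumed default install paths.
param(
    [Parameter(Mandatory = $true)]
    [version]$MinimumVersion
)

function Get-FlashBuild {
    # On 64-bit Windows both directories can hold a copy, so check each one.
    $dirs = "$env:WINDIR\System32\Macromed\Flash", "$env:WINDIR\SysWOW64\Macromed\Flash" |
        Where-Object { Test-Path $_ }

    foreach ($dir in $dirs) {
        # Flash*.ocx  = ActiveX control used by Internet Explorer
        # NPSWF*.dll  = NPAPI plugin used by Firefox and other plugin browsers
        Get-ChildItem -Path "$dir\*" -Include 'Flash*.ocx', 'NPSWF*.dll' | ForEach-Object {
            $vi = $_.VersionInfo
            # Build the version from numeric parts; the string form may use commas.
            $build = New-Object -TypeName System.Version -ArgumentList `
                $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart

            [pscustomobject]@{
                Channel = if ($_.Extension -eq '.ocx') { 'ActiveX (Internet Explorer)' }
                          else { 'NPAPI (plugin browser)' }
                Version = $build
                Current = ($build -ge $MinimumVersion)
                Path    = $_.FullName
            }
        }
    }
}

$found = @(Get-FlashBuild)
if ($found.Count -eq 0) {
    Write-Output 'No ActiveX or NPAPI Flash binaries found in the default directories.'
    exit 0
}

$found | Sort-Object Channel, Path | Format-Table -AutoSize

# Any binary below the minimum means one update channel was missed.
$stale = @($found | Where-Object { -not $_.Current })
if ($stale.Count -gt 0) {
    Write-Warning "$($stale.Count) Flash binary(ies) are older than $MinimumVersion."
    exit 1
}
```

A non-zero exit code lets the check run from a login script or management tool and flag machines where only one of the two channels was updated.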
Malwarebytes is reporting that the latest exploit (CVE-2015-0313) has been under active attack since December 3. Part of the success has been fueled by exploit kits being sold online, making it easy for script kiddies to get into the game. What are the bad guys using it for? Invincea says the poison of choice is crypto ransomware. Given the ubiquity of Flash and the fact that malicious adverts are being pushed on trusted domains, this puts everyone at risk, including laymen and experienced users alike.
With the sad situation laid bare, let's get to talking about what we can do to close off this vulnerability.
I have one more important detail to provide as I wrap this up. Normally, the PC world gets to enjoy such misery on its own, but this problem also exists for Mac users. Hi guys!