The A List Apart Blog Presents:

The Latest Flash 0-day is no Joke

I’m guessing there’s a better than decent chance that you’ve already heard about this, but this is such a bad one I thought I would just make sure: The appropriately-named Hacking Team was hacked earlier this week, and in the 400 gigs of data stolen from them was a previously unknown 0-day Flash exploit. The exploit allows web sites to execute arbitrary code on vulnerable machines.

The Hacking Team makes a living selling tools that allow their clients, mainly governments and law enforcement, to surveil internet users and snoop on encrypted internet traffic. An important part of their service is collecting unknown exploits and keeping them a secret so they don’t get patched, and can continue to be exploited.

Flash gets updated a lot, often for security purposes. What usually happens is a security firm, or a hacker looking for a bounty, or Adobe itself will find a vulnerability, and the Flash team will quietly patch their software before the exploit becomes widely known. This time, the exploit is already out there, and is quickly making its way into malware tools.

So, I assume you’re already multi-tasking and disabling Flash in your browsers. (Here’s how to disable Flash in Chrome. And Safari. And Firefox. And IE.)

And now you should go patch Flash.

7 Reader Comments

  1. Agreed. We need to stop talking about “patching Flash” and start talking about “uninstalling Flash.”

    Even Adobe doesn’t have any skin in the game anymore.

  2. fwiw, Adobe Connect requires Flash … we use it quite often for remote training and webinars. Adobe uses it too of course for their own public and NDA online webinars.

  3. Your post is already out of date; this issue has already been fixed and automatically updated on everyone’s machines. Nice try though.

  4. @pete shand — Notifications are automatically sent, but on some platforms they still require user intervention to actually install. (On OS X, in particular, it’s not a quick process.) Flash sends so many updates, many many people ignore the notifications not knowing they are often ignoring critical security updates.
