[email protected] +603-2181 3666
IT News
In A Week – 3 Adobe Flash Zero-day Vulnerability
July 14, 2015
0

More from Hacking Team fiasco. For the third time in a week, a zero-day vulnerability in Adobe’s Flash Player browser plugin has been discovered. This was made known after hackers dumped 400GB of documents that were stolen Hacking Team. Should we be thankful to the hackers? I leave that answer to you. Personally, I think Adobe company should undertake to increase the frequency of updates of Adobe Flash and related products. Failure to do so may compromise computer systems of users and it doesn’t bode well for the company.

Krebs on Security has reported that we will very likely be seeing more zero-day bugs in the future and that we should consider removing it or disabling it for the time being.

Security firm Trend Micro reported the latest bug to Adobe, who is currently working to patch the two recent flaws.

Facebook’s Chief Security Officer has called for Adobe to ditch adobe Flash Player altogether and ask browser vendors to forcibly kill it off.

If you intend to remove Flash Player, here are some things that you can do. As Google Chrome comes with its own version of Flash pre-installed, you may disable it by typing “chrome:plugins” into the address bar. On the plugins page, look for “flash” listing and click the disable link.

For Windows users who are using non-Chrome browsers, Flash can be removed from the Add/Remove Programs panel in Control Panel. Alternatively, you may use this Flash Removal Tool (https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html#main_Download_the_Adobe_Flash_Player_uninstaller).

You may also click-to-play, which is a feature available for most browsers, except IE. This feature blocks content from loading by default. What you would get is a blank box. Users who wish to view the blocked content need only to click the blank boxes to enable Flash content inside them.

To know how to enable click-to-play on browsers, see Recommendation below.

 

Source

1.  Krebs On Security.

2.  How To Geek.

3.  GitHub.

4.  Adobe.

 

Recommendation

1.  Chrome: From the main menu, click Settings. In the search box type “click to play,” and click the highlighted box labeled “content settings.” Scroll down to the “plug-ins” section and change the default from “run automatically” to “click to play”.

2.  Firefox: Open a browser window and type this command “about:config” without the quotes. In the search bar that appears at the top, paste this command “plugins.click_to_play” without the quotes. Double click the entry that shows up so that the setting under the “value” column changes from “false” to “true”.

3.  Opera: Users can do this by clicking “Ctrl+F12”, followed by “Advanced” tab, then “Content”, and then enabling the “Enable plug-ins on demand” option.

4.  Safari: Users can get a click-to-play like experience using either the ClickToFlash extension or the more comprehensive ClickToPlugin extension from here.

5.  Internet Explorer: It’s a little more complicated for IE users. IE 10 which includes its own version of Flash, uses a Microsoft-provided whitelist of websites that are allowed to play Flash content by default. IE10 users on Windows 8 can add any site they like to the whitelist, but is not so straight forward. Go here for a more information on how to do this.