14.6 C
London
Tuesday, September 26, 2017
Home Tags The Flash

Tag: The Flash

With Adobe having just announced its end-of-life schedule for the Flash rich Internet plug-in, a petition has been posted on GitHub encouraging the company to make the Flash source code available under an open source license.The petition, posted on web developer Juha Lindstedtrsquo;s GitHub account, says open-sourcing Flash would be a good solution for keeping Flash content alive for archival purposes. “Flash is an important piece of Internet history and killing Flash Player means future generations canrsquo;t access the past.

Games, experiments, and websites would be forgotten.” The petition adds that the idea was “not to save Flash Player but to open source Flash!”To read this article in full or to leave a comment, please click here
With Adobe having just announced its end-of-life schedule for the Flash rich Internet plug-in, a petition has been posted on GitHub encouraging the company to make the Flash source code available under an open source license.The petition, posted on web developer Juha Lindstedtrsquo;s GitHub account, says open-sourcing Flash would be a good solution for keeping Flash content alive for archival purposes. “Flash is an important piece of Internet history and killing Flash Player means future generations canrsquo;t access the past.

Games, experiments, and websites would be forgotten.” The petition adds that the idea was “not to save Flash Player but to open source Flash!”To read this article in full or to leave a comment, please click here
And in some parts of the world, the end will come even sooner.
At ATX Television Fest, execs discuss why familiar franchises keep hitting small screens.
Amazon Prime Day is the first of the flash sales days this year taking place on 11th July. A warm up for the Black Friday/Cyber Monday carnage, some might say.The foundation of all great sale shopping is to compare prices between different shops. A time consuming process if you’re going into one shop followed by another, but the birth of the internet and ecommerce has made this extremely easy.Follow these five top tops from PriceSpy... Source: RealWire
This 4GB USB drive from Centon is just a little over $3 right now -- so cheap that Amazon won't ship it on its own.

But if your cart totals $25 or more, toss in some of these sticks right now for dirt cheap.

The flash drive is built with a sturdy aluminum housing, works on both PC and Mac, and is a cheap & simple way to move files around.
It's listed on Amazon as an add-on item, meaning its cost prohibitive to ship on its own, but if your cart totals $25 or more, take advantage of this deal and get yourself 4GB of portable storage for a whopping 81% off its typical list price.

The sticks right now are listed for just $3.33.
See this deal on Amazon. To read this article in full or to leave a comment, please click here
Kaspersky Lab is currently tracking more than a hundred threat actors and sophisticated malicious operations in over 80 countries.

During the first quarter of 2017, there were 33 private reports released to subscribers of our Intelligence Services, with IOC data and YARA rules to assist in forensics and malware-hunting.
Flash Seats Mobile App for Android,version 1.7.9 and earlier,and for iOS,version 1.9.51 and earlier,fails to properly validate SSL certificates provided by HTTPS connections,which may enable an attacker to conduct man-in-the-middle(MITM)attacks.
Microsoft has released an old-fashioned Security Bulletin, MS 17-005, which shepherds a handful of patches for various versions of Windows.

The patches, all called KB 4010250, implement the Flash Player fixes contained in Adobe's APSB17-04, which fi...
An update for flash-plugin is now available for Red Hat Enterprise Linux 6Supplementary.Red Hat Product Security has rated this update as having a security impact ofCritical.

A Common Vulnerability Scoring System (CVSS) base score, which gives adetailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe FlashPlayer web browser plug-in.This update upgrades Flash Player to version 24.0.0.194.Security Fix(es):* This update fixes multiple vulnerabilities in Adobe Flash Player.

Thesevulnerabilities, detailed in the Adobe Security Bulletin listed in theReferences section, could allow an attacker to create a specially crafted SWFfile that would cause flash-plugin to crash, execute arbitrary code, or disclosesensitive information when the victim loaded a page containing the malicious SWFcontent. (CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928,CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934,CVE-2017-2935, CVE-2017-2936, CVE-2017-2937, CVE-2017-2938) Red Hat Enterprise Linux Desktop Supplementary (v. 6) IA-32: flash-plugin-24.0.0.194-1.el6_8.i686.rpm     MD5: 89b0f146cac8ceb7cdf0d34c671dbf8dSHA-256: c791905f5cac7148af679887190c481616d2241f559f726f00238772fec1bc16   x86_64: flash-plugin-24.0.0.194-1.el6_8.i686.rpm     MD5: 89b0f146cac8ceb7cdf0d34c671dbf8dSHA-256: c791905f5cac7148af679887190c481616d2241f559f726f00238772fec1bc16   Red Hat Enterprise Linux Server Supplementary (v. 6) IA-32: flash-plugin-24.0.0.194-1.el6_8.i686.rpm     MD5: 89b0f146cac8ceb7cdf0d34c671dbf8dSHA-256: c791905f5cac7148af679887190c481616d2241f559f726f00238772fec1bc16   x86_64: flash-plugin-24.0.0.194-1.el6_8.i686.rpm     MD5: 89b0f146cac8ceb7cdf0d34c671dbf8dSHA-256: c791905f5cac7148af679887190c481616d2241f559f726f00238772fec1bc16   Red Hat Enterprise Linux Workstation Supplementary (v. 6) IA-32: flash-plugin-24.0.0.194-1.el6_8.i686.rpm     MD5: 89b0f146cac8ceb7cdf0d34c671dbf8dSHA-256: c791905f5cac7148af679887190c481616d2241f559f726f00238772fec1bc16   x86_64: flash-plugin-24.0.0.194-1.el6_8.i686.rpm     MD5: 89b0f146cac8ceb7cdf0d34c671dbf8dSHA-256: c791905f5cac7148af679887190c481616d2241f559f726f00238772fec1bc16   (The unlinked packages above are only available from the Red Hat Network) 1411929 - CVE-2017-2925 CVE-2017-2926 CVE-2017-2927 CVE-2017-2928 CVE-2017-2930 CVE-2017-2931 CVE-2017-2932 CVE-2017-2933 CVE-2017-2934 CVE-2017-2935 CVE-2017-2936 CVE-2017-2937 CVE-2017-2938 flash-plugin: multiple code execution issues fixed in APSB17-02 These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
Adobe Systems released security updates for its Flash Player, Adobe Reader and Acrobat products fixing critical vulnerabilities that could allow attackers to install malware on computers. The Flash Player update fixes 13 vulnerabilities, 12 that can lead to remote code execution and one that allows attackers to bypass a security restriction and disclose information.

Adobe is not aware of any exploit for these flaws existing in the wild. Users are advised to upgrade to Flash Player version 24.0.0.194 on Windows, Mac and Linux.

The Flash Player plug-in bundled with Google Chrome, Microsoft Edge and Internet Explorer will be automatically upgraded through those browsers' respective update mechanisms. The Adobe Reader and Acrobat updates address 29 vulnerabilities, 28 of which can lead to arbitrary code execution. Like with the Flash Player flaws, Adobe is not aware of any of these vulnerabilities being exploited by attackers. The company advises Acrobat and Reader DC users to upgrade to version 15.023.20053 if they use the "continuous" release track or to version 15.006.30279 if they're on the "classic" track. Users of the older, but still supported, Acrobat XI and Reader XI should upgrade to version 11.0.19. Because of their security sandbox which makes exploits significantly harder to implement, Adobe Reader and Acrobat are rarely targeted by hackers today compared to be some years ago. However, Flash Player remains a hacker favourite, with zero-day attacks against it being relatively common and with exploits being integrated into widely used Web-based attack tools.
Also: Edge is foiled by hyperlinks, Windows Server fails at authentication requests, and Microsoft is a $486bn company Microsoft has begun its 2017 with the release of four updates to address security holes in Windows and Office, while Adobe has posted fixes for more than three dozen vulnerabilities in Flash and Reader. Microsoft's January patch load includes: MS17-001, a fix for the Edge browser to address a flaw that would let a malicious page gain elevated access privileges when the user clicks on a link. "An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies with about:blank, which could allow an attacker to access information from one domain and inject it into another domain," Microsoft says of CVE-2017-0002. The update will only be pushed out to Windows 10 and Server 2016. MS17-002 addresses a memory corruption issue in Office that allows for remote code execution in Office 2016 and SharePoint Enterprise Server 2016. The flaw, designated CVE-2017-0003, allows a specially crafted Word file to take control of the target system with the current user's access privileges.

The vulnerability was spotted by Tony Loi of FortiGuard Labs. MS17-003 is Microsoft's edition of the January Flash Player update to remedy 12 security flaws.

The patch will be automatically pushed to Windows users running Microsoft Edge or Internet Explorer 11. MS17-004 addresses a denial of service vulnerability in Local Security Authority Subsystem Service for older versions of Windows and Windows Server. Microsoft says that an attacker who sent a specially crafted authentication request to the targeted Windows (Vista through 7) or Windows Server (2008 to 2008 R2) box could trigger an automatic reset.

Discovery of the flaw, CVE-2017-0004, was credited to Nicolás Economou and Laurent Gaffie from Core Security. Meanwhile, Adobe is updating both Flash Player and Acrobat/Reader for Windows, macOS, and Linux desktops. The Flash Player update covers 13 vulnerabilities, none of which have been actively targeted in the wild yet.

Adobe is rating the fix as a critical priority for both Windows and macOS systems, as a successful exploit could allow for remote code execution. Linux systems are thought to be at lower risk for attack, but should still install the update as needed. The Adobe Acrobat and Reader update patches up 29 CVE-listed problems, including a number of remote code execution flaws in both Windows and macOS.

Adobe says it has not yet received reports of active exploits in the wild. By the way, if you update Reader, bear in mind it comes with a little surprise: a Chrome extension that sends Adobe telemetry. ® Sponsored: Customer Identity and Access Management