adobe warning

[smedly]

ok ignore this at your peril but in my humble opinion adobe (flash) update has turned into nothing more than a malware dangerous virus that will seriously mess your PC up big time - do a few google searches about this (and use bad words) and see how many very angry people are out there

I suspect it is their way of saying goodbye as it drifts into oblivion

The moral of the story here is be very careful if you get an update message on your PC from adobe flash - I highly recommend you ignore it

[ukrules]

There are fake updaters doing the rounds at the moment.

If you want to update flash you should make sure it comes from the proper adobe website.

Edited January 11, 2015 by ukrules

[smedly]

There are fake updaters doing the rounds at the moment.

If you want to update flash you should make sure it comes from the proper adobe website.

This is the official update I am referring too - I'm pretty tuned into IT - just thought I'd give a heads up to people to be careful, does no harm

[ukrules]

I'm very skeptical that the official Adobe update is installing malware.

I'll run some tests in one of the sanitised vm environments I keep lying around and I'll see if I can find anything solid.

Are there any specific programs that were installed, for example do you have a list of any recognised names / types of the malware installed ?

I've heard some strange reports of malware lately and I know for sure that there's been a lot of malware distributed via at least one major US advertising network which places adverts on large (millions of users) websites like the Huffington Post to name just one.

[DKUNPUTAF713]

Has an update today and no problem.

Checked my Programs and Features and it updated OK!

[dddave]

I'm very skeptical that the official Adobe update is installing malware.

I'll run some tests in one of the sanitised vm environments I keep lying around and I'll see if I can find anything solid.

Are there any specific programs that were installed, for example do you have a list of any recognised names / types of the malware installed ?

I've heard some strange reports of malware lately and I know for sure that there's been a lot of malware distributed via at least one major US advertising network which places adverts on large (millions of users) websites like the Huffington Post to name just one.

Just yesterday I was reading a football article on Huffington Post and I was puzzled when the attached video prompted me to install "Flash Player" which, AFAIK, I already had. The video suddenly went into autoplay which I thought I had disabled.

Guess I better do a scan. Thanks for the warning about "Huffington Post".

[smedly]

I'm actually referring to the program itself and what it does while installing, maybe not classed as defacto malware but has messed up many peoples computers recently requiring them to take action to reverse the damage. Do a google search on the subject and you will find many horror stories and they are mostly related to updating or installing adobe flash official software

It is worth a note of caution which is why I am mentioning it here

[Chicog]

There is nothing wrong with Flash apart from the fact that it's massively insecure most of the time, and often people can introduce malicious payloads if your PC is not properly secured, (and sometimes if you are, see this link)

If you are downloading versions of Flash because you see a pop up, then you need to learn that this is terribly insecure behaviour.

Do you click on a pop up that says "You have a virus! Click here to remove it!"?

Anyway, there is no mention of Adobe in this week's SecurityTracker, and it would almost certainly be there:

Vendors: Apache Software Foundation - Cisco - EMC -

Gnupg.org - McAfee - Open-Xchange Inc. - OpenSSL.org - SAP -

strongswan.org - XenSource

Products: Apache Traffic Server - Cisco Secure Access Control

Server - Cisco Unified Communications Domain Manager - Cisco

WebEx Meetings Server - Documentum - GnuPG (Gnu Privacy

Guard) - McAfee ePolicy Orchestrator - Open-Xchange - OpenSSL

- SAP NetWeaver - strongSwan - Xen

So I don't know what you are reading, but it sounds like a bunch of people who don't know the difference between Flash Player installed from a verified Adobe Source and clicking on a link because it tells them to.

The real problem with Flash is when you have 32 and 64 bit installed, and the fact that it comes built into certain Browsers already.

It is extremely messy in my opinion, but manageable if you know what you are doing.

Your warning is really too vague to be of any use. The bottom line is DON'T click on ANYTHING unless you are absolutely certain of the source and that you need it.

Flash is not the most popular infection vector by a wide margin.

In fact you' could have been infected by clicking on the link I posted above, apart from the fact that it's fairly easy to see that it points to a trustworthy site, but even then that isn't necessarily a guarantee.

[smedly]

just to note - I've been using computers of various types including PC and never had a virus infection for 20 years

not wanting to get into an argument over this as I said in a post above - I have raised the topic and it is up to each individual to do their own research and come to their own conclusion, I believe it was note worthy - those that don't - up to you

[Chicog]

just to note - I've been using computers of various types including PC and never had a virus infection for 20 years

not wanting to get into an argument over this as I said in a post above - I have raised the topic and it is up to each individual to do their own research and come to their own conclusion, I believe it was note worthy - those that don't - up to you

I'm not arguing with you.

I'm simply pointing out that the information you are giving is vague, and telling people to google "Flash" and "bad words" to back up your argument is simply absurd.

Again: Flash is always full of holes, they patch them and then people find new ones. It's a never ending cycle.

I'm "pretty tuned into IT" as well, and I see the Adobe Security team at a few events every year, and they have always have a great sense of humour because they need one.

But the constant patching thing is a big pain for large sites, if it's only your PC you're trying to protect, it isn't really rocket science.

If you get a message to update Flash and you aren't sure about it's authenticity, don't even click on it, just close the browser.

If you want a safe way of finding out what updates need installing on your PC, try Secunia PSI.

And if you can find a later vulnerability than this one then post it, otherwise please stop with the nonsensical and unfounded doom-mongering.

http://helpx.adobe.com/security/products/flash-player/apsb14-27.html

[ezzra]

Don't know about the flesh but my IE is compliantly screwed up as of late, hangs, freezes, skips and all around

a sucky browser.. have tried older versions of flesh and IE, same sh*&t at all times, mainly with long running scripts

that takes for ever to stabilize the websites... all the while, Chrome work flawlessly...

[Chicog]

Don't know about the flesh but my IE is compliantly screwed up as of late, hangs, freezes, skips and all around

a sucky browser.. have tried older versions of flesh and IE, same sh*&t at all times, mainly with long running scripts

that takes for ever to stabilize the websites... all the while, Chrome work flawlessly...

I hate IE, but what version are you using?

And do you have compatibility mode turned on?

[RichCor]

Don't know about the flesh but my IE is compliantly screwed up as of late, hangs, freezes, skips and all around

a sucky browser.. have tried older versions of flesh and IE, same sh*&t at all times, mainly with long running scripts

that takes for ever to stabilize the websites... all the while, Chrome work flawlessly...

Flesh? Flesh, as in, "Flesh Gordon"?

I think some people need to learn how to keep your Browsers clean, work in a sandbox. If the browser is that easily corrupted then stop using it -- or stop using 'those' sites, or searching using 'those' key words that cause you problems later on.

[IMHO]

Don't know about the flesh but my IE is compliantly screwed up as of late, hangs, freezes, skips and all around

a sucky browser.. have tried older versions of flesh and IE, same sh*&t at all times, mainly with long running scripts

that takes for ever to stabilize the websites... all the while, Chrome work flawlessly...

Flesh? Flesh, as in, "Flesh Gordon"?

I think some people need to learn how to keep your Browsers clean, work in a sandbox. If the browser is that easily corrupted then stop using it -- or stop using 'those' sites, or searching using 'those' key words that cause you problems later on.

People who have a compulsion to search for "those keywords" can cure their problems by ditching Google search for NannySearch Bing

[Chicog]

Don't know about the flesh but my IE is compliantly screwed up as of late, hangs, freezes, skips and all around

a sucky browser.. have tried older versions of flesh and IE, same sh*&t at all times, mainly with long running scripts

that takes for ever to stabilize the websites... all the while, Chrome work flawlessly...

Flesh? Flesh, as in, "Flesh Gordon"?

I think some people need to learn how to keep your Browsers clean, work in a sandbox. If the browser is that easily corrupted then stop using it -- or stop using 'those' sites, or searching using 'those' key words that cause you problems later on.

You'd be amazed how many legitimate sites have hijacked links that try and inject malware. I've found dozens just looking at our traffic alone, mostly small companies that obviously don't have very well protected websites. The days of hackers simply defacing or vandalising are long gone.

Whilst your advice is sound, it is not a guarantee of safety by any means.

[Chicog]

Don't know about the flesh but my IE is compliantly screwed up as of late, hangs, freezes, skips and all around

a sucky browser.. have tried older versions of flesh and IE, same sh*&t at all times, mainly with long running scripts

that takes for ever to stabilize the websites... all the while, Chrome work flawlessly...

Flesh? Flesh, as in, "Flesh Gordon"?

I think some people need to learn how to keep your Browsers clean, work in a sandbox. If the browser is that easily corrupted then stop using it -- or stop using 'those' sites, or searching using 'those' key words that cause you problems later on.

People who have a compulsion to search for "those keywords" can cure their problems by ditching Google search for NannySearch Bing

I read this fascinating article the other day. In the US, the majority of searches for "those words" come from the Bible Belt.

[monkey dog]

new today for linux flash (429)

check it here http://www.adobe.com/software/flash/about/

x64 http://fpdownload.macromedia.com/get/flashplayer/pdc/11.2.202.429/install_flash_player_11_linux.x86_64.tar.gz

ordinary http://fpdownload.macromedia.com/get/flashplayer/pdc/11.2.202.429/install_flash_player_11_linux.i386.tar.gz
.............

Edited January 13, 2015 by monkey dog

[IMHO]

just to note - I've been using computers of various types including PC and never had a virus infection for 20 years

not wanting to get into an argument over this as I said in a post above - I have raised the topic and it is up to each individual to do their own research and come to their own conclusion, I believe it was note worthy - those that don't - up to you

I'm not arguing with you.

I'm simply pointing out that the information you are giving is vague, and telling people to google "Flash" and "bad words" to back up your argument is simply absurd.

Again: Flash is always full of holes, they patch them and then people find new ones. It's a never ending cycle.

I'm "pretty tuned into IT" as well, and I see the Adobe Security team at a few events every year, and they have always have a great sense of humour because they need one.

But the constant patching thing is a big pain for large sites, if it's only your PC you're trying to protect, it isn't really rocket science.

If you get a message to update Flash and you aren't sure about it's authenticity, don't even click on it, just close the browser.

If you want a safe way of finding out what updates need installing on your PC, try Secunia PSI.

And if you can find a later vulnerability than this one then post it, otherwise please stop with the nonsensical and unfounded doom-mongering.

http://helpx.adobe.com/security/products/flash-player/apsb14-27.html

Yep, there's absolutely nothing new about Flash having security problems - they started back in the 90's when it was Macromedia, and didn't stop when Adobe bought them out

If there's only one piece of software you keep updated, it's Flash

[Chicog]

new today for linux flash (429)

check it here http://www.adobe.com/software/flash/about/

x64 http://fpdownload.macromedia.com/get/flashplayer/pdc/11.2.202.429/install_flash_player_11_linux.x86_64.tar.gz

ordinary http://fpdownload.macromedia.com/get/flashplayer/pdc/11.2.202.429/install_flash_player_11_linux.i386.tar.gz

.............

Or to put it another way....

National Cyber Awareness System:

Adobe Releases Security Updates for Flash Player

01/13/2015 07:31 PM EST

Original release date: January 13, 2015

Adobe has released security updates to address multiple vulnerabilities in Flash Player, one of which could potentially allow an attacker to take control of the affected system.

Users and administrators are encouraged to review Adobe Security Bulletin APSB15-01 and apply the necessary updates.

[Chicog]

Bit more Peril for you:

Zero-day Adobe Flash Player flaw discovered Spotted in popular exploit kit used by attackers.

A security researcher has discovered a new zero-day vulnerability targeting Adobe's Flash Player software which attackers have already built into the popular Angler exploit kit.

Security researcher Kafeine today noted that one variant of Angler launched three "bullets", or payloads, to exploit flaws in Flash Player - two of which were known, but one which was a fresh attack.

As with previous payloads, the new zero-day in Angler deploys the Bedep distribution botnet on vulnerable systems.

Bedep can load a range of payloads of malicious software on infected machines, including denial of service and remote access programs.

Exploit kits are used in online drive-by attacks. Users visit websites that contain either silent redirects to other sites or malicious code that automatically scans web browsers and computers for vulnerabilities. If vulnerabilities are found, the kit attempts to exploit them to gain control of systems.

The sites in question are often legitimate ones, but once infected serve up malicious advertisements unknowingly - so-called malvertising.

While refusing to disclose details of the Flash flaw ahead of an Adobe patch expected in the coming days, Kafeine said Windows XP running Internet Explorer versions 6 to 9 were vulnerable, as was the latest version of Flash Player, 16.0.0.257.

Windows 7 with Internet Explorer 8 and Flash Player 16.0.0.25 as well as Windows 8, IE 10 and Flash Player 16.0.0.235 are also vulnerable.

Tests conducted by Kafeine showed that Windows 8.1 fully updated is safe from the exploit. Angler does not fire the payloads on Google's Chrome web browser, according to Kafeine's testing.

Read more: http://www.itnews.com.au/News/399598,zero-day-adobe-flash-player-flaw-discovered.aspx#ixzz3PXSwGIoQ