Adobe has issued a critical Flash Player security update for everyone who still used Flash Player. The update or updates for OS 10, Windows, Linux, and Chrome OX, address critical vulnerabilities that could potentially allow an attacked to take control of the effected system through ransom ware.
The so-called “CERBER” attack affects Flash-based ads. There is good news, more good news and bad news around the attacks. The good news, there’s no known instance of the attack affecting Mac users. Windows 10 is being actively exploited though with users being billed as much as $1000 to get back access to their data. At least that had been the case, bringing us to the more good news.
The servers involved in the ransom ware have been cut off. The bad news, there’s more to come. Trend Micro’s TrendLabs Security Intelligence Blog brought up the issue saying,
“Currently, all servers hosting these malvertisements are now inaccessible. Some reports mentioned that CERBER is being peddled in the Russian underground market as ransom ware-as-service (RaaS). This confirms that we will be seeing more of CERBER in the near future.”
So as always if you have anything Adobe on your system it’s always worth taking the latest update onto your system, even if they are prone to the occasional zero day exploit.
Remember when Android users rejoiced and poured scorned that a lowly iPhone couldn’t display flash. Remember that Steve Jobs penned his his famous “Thoughts on Flash”. Hell I’ve even posted an article on how to reduce flash CPU usage by up to 50% just by right clicking on any video.
The reason why cpu usage drops so dramatically with a simple right click is down to Flash pretty much scanning for the mouse and mouse interaction. By bringing up a different menu to focus on, part of the mac OS, cpu usage dies. Go on, fire up activity monitor and try for yourself.
Jobs famously said that Flash was too battery hungry, too unreliable, too insecure, too slow, and too closed to be a wise platform for the mobile-first developers of then-tomorrow. And people scoffed at the time.
But who’s laughing now?
Today, Google announced that YouTube is finally ditching Flash for HTML5 video by default.
“Other content providers like Netflix and Vimeo, as well as companies like Microsoft and Apple have embraced HTML5 and been key contributors to its success,”
said Google, pointing out the obvious: Flash content has been on the decline for years. Even Microsoft have pretty much pulled the Plug on their own version of flash.. Well ok not flash but a medium for delivering video content with DRM before Adobe realised their offering was in it’s final death throws.
There will be a cost somewhere down the line as HTML 5 content is dealt with server side not user side.
Now that video has been conquered with a universal format how about we start working on another universal format other than word documents posted online for job applications.
At least we’re hopefully going to start seeing the end of the dreaded “your version of flash is out of date” or translated “whoops another bug’s been discovered, update now for your own sake”
Yet another reason not to use Adobe flash, or if you have to just use Google Chrome so at least it says Sandboxed. If you use Adobe’s flash player on your Mac or any computer you’ll want to get the latest updates. Adobe disclosed a new vulnerability in its flash platform on Monday. This one could allow attackers to remotely take over and control Mac’s, PCs and linux machines because that’s the kind of thing these kinds of things do
Could it be that Steve Jobs was actually right? Adobe has always chewed up processing power on my Macbook and sucked the power out of the battery more than watching a dvd (right click on a flash video to reduce cpu and power consumption) and today we hear that Adobe will stop developing for Android and Rim’s playbook.