Adobe Flash Will Become Click-To-Run In Edge and Chrome

Major changes will occur in the Adobe Flash plugin as it will become a click-to-run program in the Edge and Chrome browsers next year.

Major Changes Are Coming To The Flash Plugin

The Adobe Flash plugin is going through some big changes. Starting from next year the Google Chrome web browser (starting from the stable release of version 56) the click-to-run behavior for it will be enabled. To relieve some of the user’s concerns, the company will whitelist the ten most popular Flash-dependant web sites which will be in effect for a year. This solves two key issues that computer users might face:

  1. Users will not have to execute any additional steps to visit the most popular Flash-heavy sites.
  2. The click-to-run execution of Flash content will enhance security and prevent various malware from being distributed.

Mozilla has also issued a stance to stop supporting the Adobe Flash plugin by reducing its usage. Some of the major concerns that their developers have are related to computer crashes. Their current plan is to block specific Flash content which is invisible to the users to further decrease the crash rate.

Flash Fixes Critical Issues Once Again

The Adobe Flash player was patched on Tuesday with a new version that fixes a total of 17 security flaws, including a zero-day issue that has been exploited by hackers. The following Flash-related products are updated:

  • Adobe Flash Player Desktop Runtime – Windows and Macintosh versions
  • Adobe Flash Player for Google Chrome – Windows, Macintosh, Linux and Chrome OS versions
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 – Windows 10 and 8.1 versions
  • Adobe Flash Player for Linux

The following vulnerabilities are addressed:

  • These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2016-7872, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7892).
  • These updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870).
  • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-7871, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876).
  • These updates resolve a security bypass vulnerability (CVE-2016-7890).

How disturbing is this problem?

Avatar

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.


Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *