Dealing with Flash Vulnerabilities
At this point, there are not many viable alternatives to Flash. However, the security concerns associated with Flash have become so serious and prevalent – that we decided it was important to share the warnings being issued across the industry – so members of our community can be better informed. Should you prefer to keep Flash, we strongly encourage you to make sure the application is always up to date.
Great information from Tom’s Hardware for those looking for the best way to cope with the seemingly never ending list of Flash security vulnerabilities.
(UPDATE: As of the morning of July 14, both the Mozilla Firefox and Google Chrome browsers blocked Flash from running automatically. Users could still choose to run individual instances of Flash.)
(UPDATE: Adobe patched the two latest flaws July 14, according to the company’s latest security bulletin. As of this writing, both Chrome and Firefox were still blocking Flash from automatically running. Firefox and Microsoft Internet Explorer users can manually update here; be sure to uncheck the “optional offers” to avoid potentially unwanted programs being installed along with the Flash update. Chrome should automatically update itself later today.)
The previously unknown flaws were in files stolen from Hacking Team, an Italian company that sells digital surveillance tools to governments worldwide, and posted online July 5. In an advisory posted Friday, Adobe said it “expects” to provide patches for the vulnerabilities “during the week of July 12, 2015.”
Even after these flaws are patched, Adobe Flash Player will still be a huge security risk. Alex Stamos, head of security at Facebook, yesterday urged that “Adobe … announce the end-of-life date for Flash,” adding that browsers should disable Flash at the same time.
To heed Stamos’ advice, you may want to leave Flash permanently disabled, although you won’t be able to view many animations and, well, animated ads. A less drastic solution is to set Flash to “click to run”; any Flash animation that wants to run will need your permission first.–http://www.tomsguide.com/us/disable-flash-how-to,news-21335.html
How to Disable Flash http://www.tomsguide.com/us/disable-flash-how-to,news-21335.html
Two critical flaws in Adobe Flash Player were found this past Friday (July 10), and Adobe can promise only that it will patch the vulnerabilities sometime this week. Until then, it’s best to disable Flash Player in all desktop Web browsers.
How to Set Adobe Flash Player to Click-to-Run http://www.tomsguide.com/us/flash-click-to-run-how-to,news-20422.html
To maximize your Web security and defeat the seemingly endless supply of malware that exploits the innumerable flaws in Flash Player, you should change your browser settings so that Flash Player plays only the content that you select by clicking on it.
This way, you’ll still be able to watch YouTube videos in older browsers (newer ones use HTML5), but you won’t be bothered by annoying animated ads or infected by malicious websites and ads