
0-day Adobe Flash remote code execution exploit. No patch is available - stevenh
http://krebsonsecurity.com/2015/07/adobe-to-fix-another-hacking-team-zero-day/
======
nacs
You'd think Adobe would at least have an auto-update tool by now.

But no, every time, we have to goto their download page, __uncheck __Mcaffee
bundleware and run through the installation wizard every time.

I think it's time to completely disable the plugin..

~~~
acdha
They do have an updater but it's slow to pick up changes and still requires
user intervention.

I haven't had Flash installed for a couple years and rarely miss it – if you
use click-to-play many sites favor Flash but will use HTML5 video if the
plugin isn't available, so you actually get a better experience with it
entirely gone rather than just disabled by default.

------
t0mas88
Adobe should slowly fade to a thing we once knew and just disappear soon...

------
x0x0
and if you must have flash, run it in chrome -- they have sandboxing (though
one of the recent exploits got around that), but they also have auto-update
that works. Oh, and they fix fucking 0-days faster than Adobe :rolleyes:

~~~
PhantomGremlin
I sometimes use Chrome, just for the few times I want Flash.

I've created a separate Standard user for this on my Mac. I don't really care
if a Flash exploit takes over this user. The exploit would then have to work a
little bit harder to get its tentacles into the rest of OS X (although I'd bet
there were OS X zero-day exploits in that Hacking Team dump).

I suppose it's time to add a VM to the recipe. Then my protections would be:

    
    
       1st Flash itself
       2nd Chrome sandbox
       3rd VMware
       4th OS X Standard User
    

What are the odds of any exploit being able to circumvent all of that?
Probably high if I'm a strategic target, probably very low if I'm Joe Random
User.

Anything else I could do to protect myself, other than eschewing Flash
altogether?

~~~
x0x0
Honestly, I'd suggest a disposable amazon windows ami for total security...

