For years now, Flash is considered the most significant security vulnerability. Its vulnerabilities are always critical, most enable remote code executions leading to a compromised system with full control. It requires constant patching, and updates even cause new critical vulnerabilities in turn.
This is getting too silly. The world has put up with it for far too long and it's time to deprecate this strange beast.
Consider removing Adobe Flash from your system, embrace open standards and urge your own IT department to do the same. The more people jump ship, the faster the develolment of viable and more secure alternatives.
I want to, Anon.
I really really want to.
But I need it to submit homework and take midterms.
You're kidding, right? If there are more like minded people much like yourself, consider taking this to management with them. With a larger group they will take it serious. Keep bugging them with security vulnerabilities until they reply.
I uninstalled Flash in 2009 due to security concerns.
I pity the ignorant sheeple who laughed at me.
Some courses require "web access" textbooks which basically means that the publisher gives you time-limited access to a flash-based ebook stored in the cloud. You have to use the same platform for turning in homework and tests. Also, you lose access when the semester ends.
I used to fantasize about electronic textbooks as a child. I never asked for this.
I feel for you, anon.
>What happened to regular study (e)books you can buy yourself?
>What happened to email turn in your homework?
>What happened to pen and paper to write your exams?
>Consider removing Adobe Flash from your system
Linux user here (fuck off GNUtards), I just use freshplayerplugin, a ppapi2npapi compatibility layer that allows me to use chrome's up to date pepper flash with firefox.
>he doesn't have an ad blocker installed
Jesus fuck, anon. Step it up. If anything, HTML5 ads are even easier to block than Flash ones.
Bullshit. Almost all of the big porn sites have a HTML5 player. You're just not shown it if you have Flash installed. Places like Pornhub, Motherless, Xhamster, Ashemaletube, etc. all default to a HTML5 player with absolutely no user agent fuckery or anything else if Flash isn't installed.
?Consider removing Adobe Flash from your system,
I will, when every single site in this world stop using it.
Only dumb fuck wasted their time not installing Flash and get called by your user whenever something goes wrong.
If they lose their credit card because of flash fucked up then fuck them, I won't wasted my night sleep just because they cant play porn or some shitty facebook games.
Fuck /g/ and fuck this thread.
>Its vulnerabilities are always critical, most enable remote code executions leading to a compromised system with full control.
modern browsers, i.e. not firefox, have a decent sandbox.
>Bullshit. Almost all of the big porn sites have a HTML5 player. You're just not shown it if you have Flash installed. Places like Pornhub, Motherless, Xhamster, Ashemaletube, etc. all default to a HTML5 player with absolutely no user agent fuckery or anything else if Flash isn't installed.
that's low-quality tubeshit and not real for-pay pornsites. where do you think tubeshit gets its porn from?
You are a literal fucking retard if you're paying for porn in 2016. But then you're here playing cheerleader for fucking Flash, so we knew that already.
Nobody cares. Not having Flash is about not having Flash, not how secure each version of the plugin is. I object to Flash's continued existence in any form. It's a deprecated relic from a different era and needs to die.
>I object to Flash's continued existence in any form. It's a deprecated relic from a different era and needs to die.
how will html5 be even more secure when it gets feature-parity with flash?
Google don't give a shit about Flash. Chrome is just a browser for normies, so they need to have it installed so people don't start bitching that [site] doesn't work and switch browsers. Behind the scenes, they're working hard to kill Flash. Both Youtube and their ads are moving away from it.
What the fuck does Youtube have to do with anything? You obviously whitelist sites that you want to play things by default. You're doing nothing to dispel the image that people who still use Flash in 2016 are mentally retarded.
There is literally no pay site worth accessing even for free.
Okay, I'm out. You tech-illiterate retards are too much. Enjoy your Flash plugin, guys. Thankfully, the rest of us no longer have to.
>What the fuck does Youtube have to do with anything?
html5 does not have a concept of autoplay. that's just a fact.
>There is literally no pay site worth accessing even for free.
sure, having shitty re-encodes of short clips from said paysites is all everyone needs.
>You tech-illiterate retards are too much.
sounds like you are the illiterate if you can't argue your point
This thread is full of idiotic horny teenagers who are flat out wrong anyway:
1. Almost no major porn streaming sites require flash
2. Even then, you shouldn't be bothering with embedded HTML5 files and ads
3. Literally just paste the URL as the argument to mpv (with youtube-dl installed) and it will stream it to your player.
It's that fucking simple.
It was an example, but yeah you are right.
Here is xvideos, which asks you to install flash on desktop at least you spoof your user agent
As a note, ill just say performance on mpv is MUCH better than flash or HTML5, so it works for guys who, like me, have shitty computers.
I havent tried any, but im sure you could just try inspect element on the video, look for the source and use mpv to play it.
1. you are the idiot if you can't gain access to for-pay pornsites and have to use shitty tubesites with low-quality encodes of short clips from those pornsites
3. youtube-dl needs specific hacks for every site. for-pay pornsites aren't among them.
There are some resilient flash players out there, but they can defeated. If the video is being streamed, it means it is being downloaded right there to your computer. Unless porn sites start requiring you to use some program with root access, if you can watch it, you can grab it.
So fuck Flash to be honest fa m.
i don't see any big security issues for
a) using a modern browser that that has a restricted flash pepper plugin in a sandbox
b) having flash only enabled on pay-for pornsites that aren't in the business of owning their supposedely paying customers
See https://helpx.adobe.com/security/products/flash-player/apsb16-04.html again, and don't skip the Affected Versions sections this time.
Chrome and Edge are also affected using Adobe Flash. And these vulnerabilities also concern remote code executions leading to full control of the target.
>And these vulnerabilities also concern remote code executions leading to full control of the target.
nowhere does it say that. you can count the cases on one hand where someone managed to bypass chromes' sandbox.
anyway patched before any attacks in the wild.
>>And these vulnerabilities also concern remote code executions leading to full control of the target.
>nowhere does it say that.
See https://helpx.adobe.com/security/products/flash-player/apsb16-04.html again, and don't skip the Summary section this time.
>Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Click on the 'critical' hyperlink to read up on their classification of security rating semantics.
>Critical - A vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware.
>you can count the cases on one hand where someone managed to bypass chromes' sandbox.
>anyway patched before any attacks in the wild.
Did you actually miss the Hacking Team leak last year, or are you really that naive?
Mate, I just refuted your argument by pointing out these actually do concern remote code execution vulnerabilities, on multiple browsers and platforms. Did you really just skip that as well?
Adobe assumes no sandbox in their classification, because that's out of their scope.
so that classification only applies to firefox which has no real flash sandbox, only one that separates the npapi plugin from the browser process, but npapi itself still gives it full access to everything.
I would like to remove flash, but recently I've come to rely on it.
At work we encrypt our documents with some PDF encryption from FileOpen stuff to make things as non-free and "as-a-service" as much as possible. Most people don't want to install the plugin, so instead we send them a browser version of documents that uses flash.
If we can't use flash, then those browser based documents won't work. There exists no good DRM software, and all of them use flash.
>>using flash instead of mpv
mpv is prolly more vulnerable than flash. we are talking ancient mplayer code here and your 'play with' extensions doesn't seem to sanitize any input.
upstream doesn't even mark security issues and your distro prolly keeps it out of date.
>The way mpv uses playlist files via --playlist is not safe against maliciously constructed files. Such files may trigger harmful actions. This has been the case
>for all mpv and MPlayer versions, but unfortunately this fact was not well documented earlier, and some people have even misguidedly recommended use of --playlist
>with untrusted sources. Do NOT use --playlist with random internet sources or files you do not trust!
one dangerous example is enough to dispute any claims like mpv removed mplayer's legacy vulnerabilities.
parsing random input is hard and i wouldn't trust any upstream's security that doesn't even do CVEs.
>flash in a modern browser like Chrome
parse files in a sandbox
play with up to date bundled ffmpeg
get link through browser extension & youtube-dl
parse files as local user that owns everything important
play with some random ffmpeg/libav
hope someone cares to maintain mpv, browser extension, youtube-dl, ffmpeg/libav
case in point VLC in arch:
vulnerable since ~6 months now because arch doesn't follow CVEs and VLC devs couldn't be arsed to do a new release:
>VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers.