New Adobe Flash critical security updates

>>52898300
>>Consider removing Adobe Flash from your system
but how will i porn

File: image.jpg (50KB, 500x480px) Image search: [Google]

50KB, 500x480px

I want to, Anon.

I really really want to.

But I need it to submit homework and take midterms.

>Consider removing Adobe Flash from your system
Find me a way to play Super Deepthroat and Rondo Duo without it and I'll remove it.

>>52898333
HTML5.

>>52898336
You're kidding, right? If there are more like minded people much like yourself, consider taking this to management with them. With a larger group they will take it serious. Keep bugging them with security vulnerabilities until they reply.

File: flash.png (1MB, 1090x8140px) Image search: [Google]

1MB, 1090x8140px

I uninstalled Flash in 2009 due to security concerns.
I pity the ignorant sheeple who laughed at me.

>>52898368
Some courses require "web access" textbooks which basically means that the publisher gives you time-limited access to a flash-based ebook stored in the cloud. You have to use the same platform for turning in homework and tests. Also, you lose access when the semester ends.

I used to fantasize about electronic textbooks as a child. I never asked for this.

>>52898368
>HTML5.
mainstream porn sites like brazzers do not support that.
where the fuck do you get your porn?

>>52898435
I feel for you, anon.
>What happened to regular study (e)books you can buy yourself?
>What happened to email turn in your homework?
>What happened to pen and paper to write your exams?

DOESN'T AFFECT ME BECAUSE I DON'T HAVE FLASH INSTALLED

>>52898476
>streaming porn

>>52898476

ashemaletube
xhamster

>>52898476
Contact brazzers immediately
Maybe you can even make a deal - you develop a html5 player to them and they pay you top dollar

>>52898476
The world is bigger than your silly Brazzers subscription, lad. PornHub uses HTML5, and it's not like you can't download premium content using other means.

>>52898476
https://rg3.github.io/youtube-dl/

>>52898300
It will never die as it is required for 97% of the websites normies use.
How will they be able to post slutty pictures or play farmville?
Just embrace it, you'll feel better.

>>52898300
>Consider removing Adobe Flash from your system
Linux user here (fuck off GNUtards), I just use freshplayerplugin, a ppapi2npapi compatibility layer that allows me to use chrome's up to date pepper flash with firefox.

>no motherless
>html5 screen tearing
>always lower quality on youtube

>>52898530
>97% of the websites
Stop lying on the Internet.

>>52898537
>no motherless
youtube-dl or mpv

>>52898550
i'll try after work, thx anon.

>>52898501
>not streaming porn
>watching the same clip over and over again
>having zillions of hdds to accommodate all your porn

>>52898476
>He can't into changing his user agent
Get out of /g/

>>52898544
Yeah go ahead and highlight only what you want to make your shit point even though it was accurate.
>stop the internet

>>52898300
I ditched Flash in August last year. Haven't missed it really, although I keep a portable version of Chrome around in case I do need it for something.

>>52898550
>trying to fap
>only have one hand free
>have to c&p links for youtube-dl or mpv
>fail

>>52898584
use middle-click to paste

>>52898572
i'm not watching shit quality mobile versions

The world could be a much better place if people transcended their primitive stone-age drives such as porn and video games.

>>52898537
u wot m8? Motherless has a HTML5 player that's served by default when Flash isn't detected.

>>52898594
99% of everything is shit, why would you want to watch something where you can see all the defects.

If something is actually good you can always torrent a decent version.

>>52898611
>ad video starts to autoplay
>for flash: just make it click-to-play
>for html5: hope that some hacks will reliable work in the future

>>52898626
uBlock

What big websites still require flash?

>>52898652
"97% of all Normie websites"
(It's a lie)

>>52898576
>stop the internet
I have to admit, I laughed out loud

>>52898652
all the big porn sites

>>52898632
desu i never want any video to autoplay just because i'm on their site. ads or not. html5 does not allow that.

>>52898626
>he doesn't have an ad blocker installed

Jesus fuck, anon. Step it up. If anything, HTML5 ads are even easier to block than Flash ones.

>>52898666
Bullshit. Almost all of the big porn sites have a HTML5 player. You're just not shown it if you have Flash installed. Places like Pornhub, Motherless, Xhamster, Ashemaletube, etc. all default to a HTML5 player with absolutely no user agent fuckery or anything else if Flash isn't installed.

>>52898674
NoScript does just that for HTML5 video if you want

>>52898666

Which ones exactly?

Thinking about uninstalling Flash

>>52898300
?Consider removing Adobe Flash from your system,

I will, when every single site in this world stop using it.
Only dumb fuck wasted their time not installing Flash and get called by your user whenever something goes wrong.

If they lose their credit card because of flash fucked up then fuck them, I won't wasted my night sleep just because they cant play porn or some shitty facebook games.

Fuck /g/ and fuck this thread.

>>52898674
Of course it does. Install uMatrix and disallow HTML5 videos by default. Simple.

>>52898300
>Its vulnerabilities are always critical, most enable remote code executions leading to a compromised system with full control.
ohrly?
modern browsers, i.e. not firefox, have a decent sandbox.

UNINSTALL FLASH AND INSTALL CHRONE. IT PLAYS FLASH SITES PERFECTLY

>>52898703
Then you still have Flash

>>52898703
Because it has its own version of the Flash plugin built in, dumbass. You're not uninstalling Flash, you're just changing to the PepperFlash version over the NPAPI version.

>>52898703
Chrome has flash built in. It's even more of a security hazard

>>52898677
>Bullshit. Almost all of the big porn sites have a HTML5 player. You're just not shown it if you have Flash installed. Places like Pornhub, Motherless, Xhamster, Ashemaletube, etc. all default to a HTML5 player with absolutely no user agent fuckery or anything else if Flash isn't installed.
that's low-quality tubeshit and not real for-pay pornsites. where do you think tubeshit gets its porn from?

>>52898300
>2016
>still using flash

>>52898333
mobile websites usually have html5
You can also just look into the source and CTRL+F for ".mp4".

>>52898709
pepper plugins are way more secure than basically unrestricted npapi. stop using shit browsers and you won't get owned

Yes, yes, good goyim, keep Flash installed

>>52898706
>>52898709
>>52898713
Therefore flash will not go away as long as google includes it in chrome.

>>52898714
You are a literal fucking retard if you're paying for porn in 2016. But then you're here playing cheerleader for fucking Flash, so we knew that already.

>>52898722
Nobody cares. Not having Flash is about not having Flash, not how secure each version of the plugin is. I object to Flash's continued existence in any form. It's a deprecated relic from a different era and needs to die.

>>52898739
Chrome is non-free software. You should not use it anyway.

>>52898678
you realize those are hacks?

how often do you have to press play then, before youtube starts the video?

>>52898747
NoScript supports whitelists and YouTube is on it by default.

>>52898743
>You are a literal fucking retard if you're paying for porn in 2016.
who said anything about paying?

>>52898746
what should i use then? firefox? it has ugly UI.

I prefer the old classic frirefox but now its too outdated.

>>52898743
>I object to Flash's continued existence in any form. It's a deprecated relic from a different era and needs to die.
how will html5 be even more secure when it gets feature-parity with flash?

>>52898771
Chromium or GNU IceCat

>>52898739
Google don't give a shit about Flash. Chrome is just a browser for normies, so they need to have it installed so people don't start bitching that [site] doesn't work and switch browsers. Behind the scenes, they're working hard to kill Flash. Both Youtube and their ads are moving away from it.

http://www.bbc.co.uk/news/technology-35540187

>>52898747
What the fuck does Youtube have to do with anything? You obviously whitelist sites that you want to play things by default. You're doing nothing to dispel the image that people who still use Flash in 2016 are mentally retarded.

>>52898758
There is literally no pay site worth accessing even for free.

>>52898774
Okay, I'm out. You tech-illiterate retards are too much. Enjoy your Flash plugin, guys. Thankfully, the rest of us no longer have to.

>>52898584

https://addons.mozilla.org/en-US/firefox/addon/open-with/

Just add mpv.

>>52898755
but i don't want youtube to autoplay nor do i want a broken interface when i want it to play.

>>52898781
>What the fuck does Youtube have to do with anything?
html5 does not have a concept of autoplay. that's just a fact.
>There is literally no pay site worth accessing even for free.
sure, having shitty re-encodes of short clips from said paysites is all everyone needs.
>You tech-illiterate retards are too much.
sounds like you are the illiterate if you can't argue your point

File: Capture.png (838KB, 1440x900px) Image search: [Google]

838KB, 1440x900px

>>52898333
>but how will i porn

By using mpv

ITT: Adobe employees shilling instead of fixing fatal security vulnerabilities

I removed flash entirely a while ago.
Nothing requires it anymore except some local American news affiliates

>>52898838
xhamster just works with HTML5 too

>>52898838
for-pay pornsites have flash restrictions that youtube-dl can't circumvent.

>>52898850
>fatal security vulnerabilities only if you use a shit browser with no adequate sandbox like firefox
>FTFY

>>52898838
Eggs plane pls

This thread is full of idiotic horny teenagers who are flat out wrong anyway:

1. Almost no major porn streaming sites require flash
2. Even then, you shouldn't be bothering with embedded HTML5 files and ads
3. Literally just paste the URL as the argument to mpv (with youtube-dl installed) and it will stream it to your player.

It's that fucking simple.

File: Capture.png (764KB, 1440x900px) Image search: [Google]

764KB, 1440x900px

>>52898867
It was an example, but yeah you are right.
Here is xvideos, which asks you to install flash on desktop at least you spoof your user agent
As a note, ill just say performance on mpv is MUCH better than flash or HTML5, so it works for guys who, like me, have shitty computers.

>>52898886
I havent tried any, but im sure you could just try inspect element on the video, look for the source and use mpv to play it.

>>52898915
1. you are the idiot if you can't gain access to for-pay pornsites and have to use shitty tubesites with low-quality encodes of short clips from those pornsites
3. youtube-dl needs specific hacks for every site. for-pay pornsites aren't among them.

>>52898939
You're SOL. Enjoy your premium content.
Everybody else should do what I say.

>>52898886
There are some resilient flash players out there, but they can defeated. If the video is being streamed, it means it is being downloaded right there to your computer. Unless porn sites start requiring you to use some program with root access, if you can watch it, you can grab it.

So fuck Flash to be honest fa m.

>>52898960
i don't see any big security issues for
a) using a modern browser that that has a restricted flash pepper plugin in a sandbox
b) having flash only enabled on pay-for pornsites that aren't in the business of owning their supposedely paying customers

File: IMG_20160210_125549.png (245KB, 1080x1706px) Image search: [Google]

245KB, 1080x1706px

>>52898694
See https://helpx.adobe.com/security/products/flash-player/apsb16-04.html again, and don't skip the Affected Versions sections this time.

Chrome and Edge are also affected using Adobe Flash. And these vulnerabilities also concern remote code executions leading to full control of the target.

>>52898994
>And these vulnerabilities also concern remote code executions leading to full control of the target.
nowhere does it say that. you can count the cases on one hand where someone managed to bypass chromes' sandbox.

anyway patched before any attacks in the wild.

>>52899009
remember the flash 0-day from hacking team only managed to bypass chrome's flash sandbox on windows due to some kernel exploit. Linux wasn't affected.

File: IMG_20160210_131851.png (191KB, 1080x1713px) Image search: [Google]

191KB, 1080x1713px

>>52899009
>>>52898994
>>And these vulnerabilities also concern remote code executions leading to full control of the target.
>nowhere does it say that.
See https://helpx.adobe.com/security/products/flash-player/apsb16-04.html again, and don't skip the Summary section this time.
>Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Click on the 'critical' hyperlink to read up on their classification of security rating semantics.
>Critical - A vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware.

>you can count the cases on one hand where someone managed to bypass chromes' sandbox.
>anyway patched before any attacks in the wild.
Did you actually miss the Hacking Team leak last year, or are you really that naive?

>>52899197
retard, see
>>52899140

>>52899209
Mate, I just refuted your argument by pointing out these actually do concern remote code execution vulnerabilities, on multiple browsers and platforms. Did you really just skip that as well?

>>52899209
Adobe assumes no sandbox in their classification, because that's out of their scope.
so that classification only applies to firefox which has no real flash sandbox, only one that separates the npapi plugin from the browser process, but npapi itself still gives it full access to everything.

>>52898694
>Trusting a built in sandbox

File: IMG_20160210_133343.png (182KB, 1080x1344px) Image search: [Google]

182KB, 1080x1344px

>>52899009
>>52899209
>>>https://helpx.adobe.com/security/products/flash-player/apsb16-04.html

>>52898300
another day another flash vilnerability
>2016
>using flash instead of mpv
>not using gnash

>>52898300
>Consider removing Adobe Flash from your system
oh, I wish I could
but there's flash-only sites I still need to use, so it stays

>>52898435
Fuck, I hate this shit. The worst part is when they force you to buy an "access code" along with the book just so you can do homework assignments. Fuck professors who do this

>>52898300
I would like to remove flash, but recently I've come to rely on it.

At work we encrypt our documents with some PDF encryption from FileOpen stuff to make things as non-free and "as-a-service" as much as possible. Most people don't want to install the plugin, so instead we send them a browser version of documents that uses flash.

If we can't use flash, then those browser based documents won't work. There exists no good DRM software, and all of them use flash.

>>52899645
>>using flash instead of mpv
mpv is prolly more vulnerable than flash. we are talking ancient mplayer code here and your 'play with' extensions doesn't seem to sanitize any input.
upstream doesn't even mark security issues and your distro prolly keeps it out of date.

>>52900940
wasn't mpv an mplayer2 fork and removed most of mplayers code?

>>52898300
>implying i didn't uninstall it at least a year ago and never looked back
anon pls

>>52901066
>man mpv
>The way mpv uses playlist files via --playlist is not safe against maliciously constructed files. Such files may trigger harmful actions. This has been the case
>for all mpv and MPlayer versions, but unfortunately this fact was not well documented earlier, and some people have even misguidedly recommended use of --playlist
>with untrusted sources. Do NOT use --playlist with random internet sources or files you do not trust!

>>52901203
that's for --playlist, what about the rest? i never used --playlist before.

>>52901238
one dangerous example is enough to dispute any claims like mpv removed mplayer's legacy vulnerabilities.

parsing random input is hard and i wouldn't trust any upstream's security that doesn't even do CVEs.

File: Untitled.png (31KB, 969x702px) Image search: [Google]

31KB, 969x702px

>>52898300

Autoupdate is also disabled. Fite me :^)

>>52901339
>flash in a modern browser like Chrome
parse files in a sandbox
play with up to date bundled ffmpeg
auto-updated
>mpv
get link through browser extension & youtube-dl
parse files as local user that owns everything important
play with some random ffmpeg/libav
hope someone cares to maintain mpv, browser extension, youtube-dl, ffmpeg/libav

case in point VLC in arch:
vulnerable since ~6 months now because arch doesn't follow CVEs and VLC devs couldn't be arsed to do a new release:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5949
>VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers.

>>52901690
>parse files as local user that owns everything important
who stores important stuff without special permissions and backups?

File: chrome_2016-02-10_23-39-22.png (5KB, 313x70px) Image search: [Google]

5KB, 313x70px

>2016
>having flash enabled
ayyy

>>52898333
Forget porn I just want to use Deezer with HTML5