Is this the beginning of a trend?
Ubuntu device maker System76 recently said in a blog that it will no longer pre-install Adobe Flash on all laptops and desktops. Why? Because the company deems the software a security risk. System76 is even urging its customers to get rid of Flash altogether.
“Even if you think you need Flash, you should experiment with a trial separation…. You’ll probably be surprised by how little your web experience changes,” the blog states.
If customers still need Flash in their daily diet, the company suggests that they use Chrome. Google’s browser includes a sandboxed implementation of the embedded Flash software that may protect users from future zero-day exploits. Still, Chrome’s method isn’t totally immune, so System76 believes the best protection is to get rid of Flash altogether.
To do so, simply use this command: sudo apt-get purge flashplugin-installer
The blog points out that Flash is no longer the standard for online media and animation. The date isn’t 2007 and every website isn’t flashing this and that at visitors. Instead, the modern Internet is moving away from Flash and using new, modern tech like HTML5 and CSS 3. Browsers such as Google Chrome and Microsoft Edge are even working to minimalize plugins and extensions to make browsing the web easier and safer.
News of the company’s quest to rid its devices of Flash come after Mozilla began blocking the Flash player in Firefox by default. However, Firefox users wanting to keep Flash alive can re-enable the software in the Add-ons section. The most recent version of Firefox, version 39, doesn’t even come with the plugin installed.
On Tuesday, Adobe released a new version of the Flash Player that includes patches for CVE-2015-5122 and CVE-2015-5123 (CVE-2015-5119 was patched earlier this week). Originally, all three vulnerabilities were discovered in a 400GB data cache that was stolen from Italian surveillance software vendor Hacking Team.
According to Kaspersky Lab, CVE-2015-5122 was an ActionScript 3 opaqueBackground use-after-free bug and CVE-2015-5123 was a BitmapData use-after-free bug. Both depended on the Web surfer landing on a site packing an exploit. These bugs provided complete access to the visitor’s machine. Ouch.
From maximumpc
from http://bit.ly/1V4Ejvg
