I still find Flash useful. I still use it. I'm not at all worried about these vulnerabilities. If and when I find Flash not longer useful I will remove it. I still use Java too.
I'm also not really satisfied with HTML5 video at the moment. And Flash is used all over the web, so uninstalling is no option at the moment.
It is simply an incorrect assertion to state that flash is superior in every way. "Every way" includes limitless areas defined by the person using it. Flash currently runs better on your system than HTML 5 does due to reasons unknown to us forum users as we don't have the details of your system. This isn't a superiority of flash, it's a problem with your setup which HTML5 videos has revealed to you, but using flash allows you to ignore.
Do you use Java or the Java browser plugin? 2 different things that are not necessarily connected. As of Java 8, the browser plugin is no longer installed by default.
Does that apply to your system if you use Chrome's plugin and have not installed Flash via Adobe? I was under the impression that the way Chrome does it, the plugin could only be used in the browser, whereas Adobe's installer (necessary for other browsers except the Metro variant of IE) would set up a system-wide installation that could leave you vulnerable in the ways they point out.
Even with it's vulnerabilities, I think there's still a purpose for Adobe Flash. However, I do believe that Adobe Flash will slowly die out, just not any time soon. If you do use Adobe Flash, I would recommend setting it to "Ask to Activate", "Click to Play", etc. in your browser. As for Adobe Reader - Definitely better alternatives out there (Foxit Reader, Sumatra PDF, etc.)
There's 2 system-wide versions of Flash - ActiveX & NPAPI. Microsoft Office uses the ActiveX version, while most other browsers use NPAPI. Chrome has embedded PPAPI, Edit: and no longer includes NPAPI. So just as you suspected, any system without the ActiveX version of Flash is naturally not vulnerable to flash exploits leveraged through Office documents.
You need to actually have Flash installed, though, don't you? If I uninstall Flash from my machines, then all I see in Chrome is PepperFlash (PPAPI). Is there such a thing as a system running Win8/8.1 without the ActiveX version of Flash? I was under the impression that Flash was a built-in component of IE in Win8 and could not be uninstalled.
Yes, Chrome has only PPAPI version installed. They removed NPAPI in past. ActiveX flash in Windows 8 can't be removed the "normal" way. You have to use some hacks to do it.
Yes. The easiest answer to the article re: Flash plugin loading in Microsoft Office, is to disable it using EMET 5.2. The the "recommended" profile contains Office, and using the ASR (attack surface reduction) will disable the Flash activex controller from loading in Office. I don't have my 8.1 machine with me to confirm, but all I did was install ActiveX flash over the top of the built in Flash, and then uninstall it. It appeared to remove all the active components, but now I'm not certain. Ta for the correction. I wasn't aware of the change.
Yes, that's what I thought. I read about one such hack and it appeared to be rather involved and even more involved to get it re-installed if one ever wanted to do so.
Yes........done! Well, I just flat cannot install ActiveX flash on my 8.1 machine, no matter what. The Adobe installer keeps throwing an error that states 'IE includes the latest version of Flash' and 'Windows Update will inform me when new versions of Flash are available'. The only option available is the "QUIT" button.
I've been poking around all over the joint trying to find precisely the same information. The best I was able to unearth is that if you've dealt properly with IE, Word, Excel, PowerPoint, and Access, you're pretty much covered. Perhaps someone else can provide something more definitive.
My understanding is that there are a number of ActiveX controls. I'm not sure which one(s) your tax program utilizes, but what we're primarily referring to here is the ActiveX Flash control (flash.ocx).
Sheesh... do you have some kind of personal grudge against HTML5 or something? Wronged you in a past life? lol. I've been using it for some time now. I could never stand Adobe Flash and waited for an alternative for years. I find HTML5 less bloated, more intuitive, and secure given the right circumstances/tweaks. And I trust it more and hate the idea of any company/product having a monopoly on their service like Adobe did with Flash with so long. I don't use PDF but used to use Sumatra when I did.
Unlike you, I don't have any strong feelings regarding these tools, and simply use whichever is the most efficient for the job I require. I've seen a lot of emotional and irrational things written about Flash vs HTML5 over the years, and nearly all of the arguments in favour of HTML5 don't really justify using a tool that isn't quite mature yet. When a piece of software already exists that is everything I'd want HTML5 to eventually be, then I don't see what the hurry is.
Still need to use it sometimes, and I actually find "right-clicking > run plugin" instead of just left-clicking more annoying.
Flash Threats: Not Just In The Browser http://blog.trendmicro.com/trendlabs-security-intelligence/flash-threats-not-just-in-the-browser/
Three bypasses and a fix for one of Flash's Vector.<*> mitigations http://googleprojectzero.blogspot.com/2015/08/three-bypasses-and-fix-for-one-of.html
Google to hit pause on Flash ads in Chrome on September 1 http://www.zdnet.com/article/google-to-hit-pause-on-flash-ads-in-chrome-on-september-1/ Google to Pause Flash Ads in Chrome Starting Next Week https://threatpost.com/google-to-pause-flash-ads-in-chrome-starting-next-week/114451
HTML5 was a sight for my sore eyes, but I'm starting to think it will suffer some of flash's problems.
