Re: Flash Bashing Express
|
|
Joined: Sep 2009
|
Yep... looks like v.10 is done for, and v.11 is (out of beta and now) the new kid on the block: < http://www.adobe.com/products/flashplayer.html> Adobe Flash Player 11< current version> 11.0.1.152 [btw artie, visiting adobe's site there is one place where i seem to acquire those apmebf cookies... or so it appears, sometimes.]
Last edited by Hal Itosis; 10/04/11 11:29 PM.
|
|
Re: Flash Bashing Express
|
Joined: Aug 2009
Likes: 15
|
Joined: Aug 2009
Likes: 15 |
> [btw artie, visiting adobe's site there is one place where i seem to acquire those apmebf cookies... or so it appears, sometimes.]
I visit Adobe's site regularly when I hit "Check Now," but I've never acquired an "apmebf," and, as a matter of fact, I haven't found one on my deuced Mac(hina) since I posted the issue (how long ago?).
What I have found, though, is that my blocked "Local Storage" and "Camera and Microphone" sites periodically disappear after an update.
The new Great Equalizer is the SEND button.
In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
|
|
Re: Flash Bashing Express
|
Joined: Aug 2009
Likes: 14
|
Joined: Aug 2009
Likes: 14 |
I went to that site and thought I'd do a "test run" of their disinfecting procedure. I entered their Instruction plutil -convert xml1 /Applications/Safari.app/Contents/Info.plist into Terminal but, instead of Plist Files, I got a Permission Denied response. I also tried their %malware_path% but got No such job. What am I missing? Thanks.
Last edited by ryck; 11/09/11 11:21 PM.
ryck
"What Were Once Vices Are Now Habits" The Doobie Brothers
iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4 OS Sonoma 14.4.1 Canon Pixma TR 8520 Printer Epson Perfection V500 Photo Scanner c/w VueScan software TM on 1TB LaCie USB-C
|
|
Re: Flash Bashing Express
|
|
Joined: Sep 2009
|
I went to that site and thought I'd do a "test run" of their disinfecting procedure. I entered their Instruction plutil -convert xml1 /Applications/Safari.app/Contents/Info.plist into Terminal but, instead of Plist Files, I got a Permission Denied response. That plist is owned by root, so one would need to prepend sudo and enter an admin password when prompted. But i disagree with their instructions. There's no need to convert to xml at all. We can read or delete the offending key while it's still in "binary" form. To read: defaults read /Applications/Safari.app/Contents/Info LSMinimumSystemVersion 10.6.0
I used a valid key there, to show how normal output appears for a key that * should* exist. (according to that key, Safari 5.1.1 requires a minimum OS of 10.6.0). Now, let's try to read the bad guy: defaults read /Applications/Safari.app/Contents/Info LSEnvironment 2011-11-10 13:53:26.696 defaults[80926:903] The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist
Good, that key doesn't exist in my Safari plist. If anyone doesn't see that exact error, but instead gets some sort of "output"... then that's a problem. I also tried their %malware_path% but got No such job. Yeah well, the instructions provided by F-Secure are a little difficult to follow... so I'll try to clean it up. Since they instructed folks to convert to xml format, here's how their version of the offending data should look: <key>LSEnvironment</key>
<dict>
<key>DYLD_INSERT_LIBRARIES</key>
<string>%malware_path%</string>
</dict>
If done using my defaults read method, the output would be something more like this: LSEnvironment = {
"DYLD_INSERT_LIBRARIES" = (
%malware_path%
);
};
So "%malware_path%" isn't anything to be entered as a command, but rather, it was their way of indicating that some sorta path string should be there, which tells us where the malware is located. E.g., instead of "%malware_path%" there would be a pathname: /folder/folder/folder/file maybe something like: /Library/Printers/Epson/phony_file (idunno) So —assuming one is infected (i.e., my 2nd defaults read example doesn't generate an error message) —then the way to 'disinfect' oneself is to delete whatever file or folder exists at the end of that "%malware_path%" location, and then delete the offending plist entry using: sudo defaults delete /Applications/Safari.app/Contents/Info LSEnvironment
Last edited by Hal Itosis; 11/10/11 06:40 PM. Reason: added sudo to the last command :-)
|
|
Re: Flash Bashing Express
|
|
Joined: Sep 2009
|
Ah, okay... i only searched that page for "%malware_path%" and focused on that section, to answer Rick's questions. Later on i see they narrow down the actual location a bit better, to:
/Applications/Safari.app/Contents/Resources/%payload_filename%
Where "%payload_filename%" is the important item we should destroy. So apparently the %malware_path% will be inside the browser's Resources folder (not externally in /Library as my example theorized).
|
|
Re: Flash Bashing Express
|
Joined: Aug 2009
Likes: 14
|
Joined: Aug 2009
Likes: 14 |
Thanks very much for both posts. I have just used your sets of instructions....
defaults read /Applications/Safari.app/Contents/Info LSMinimumSystemVersion defaults read /Applications/Safari.app/Contents/Info LSEnvironment
.... and got exactly the same results as you.
And thanks for the additional %payload_filename% information.
FYI, this and other things I learn at FineTunedMac are all very helpful for more people than me. I will keep this information a file with other step-by-step instructions where I can pull it out if needed.
e.g. If one of my daughters ever gets in a fix. Or if it's needed to help a couple of older ladies living nearby (one is past 80) who are both Mac users. FTM has a wide reach.
Thank you and all the other FTM folks who are always so willing to educate.
Last edited by ryck; 11/10/11 10:29 PM.
ryck
"What Were Once Vices Are Now Habits" The Doobie Brothers
iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4 OS Sonoma 14.4.1 Canon Pixma TR 8520 Printer Epson Perfection V500 Photo Scanner c/w VueScan software TM on 1TB LaCie USB-C
|
|
Re: Flash Bashing Express
|
|
Joined: Sep 2009
|
Back to "normal" business then... Security update available for Adobe Flash Player Release date: November 10, 2011 Vulnerability identifier: APSB11-28 Platform: All Platforms
SUMMARY
Critical vulnerabilities have been identified in Adobe Flash Player 11.0.1.152 and . . .
|
|
Re: Flash Bashing Express
|
|
Joined: Sep 2009
|
Last edited by Hal Itosis; 11/15/11 12:20 AM.
|
|
Re: Flash Bashing Express
|
Joined: Aug 2009
Likes: 4
|
OP
Joined: Aug 2009
Likes: 4 |
From all I can gather, Adobe's Flash Player is not affected with respect to "non-mobile" hardware, eg desktop and laptop computers. So I don't understand the big kerfuffle. Any short, sweet answers?
|
|
Re: Flash Bashing Express
|
|
Joined: Aug 2009
|
y'know I was just thinking that one side issue Apple may have had is that as long as Flash was on the iphone, "click to jailbreak" apps would be a nonstop weekly occurrence for Apple to deal with.
I work for the Department of Redundancy Department
|
|
Re: Flash Bashing Express
|
Joined: Aug 2009
Likes: 1
|
Joined: Aug 2009
Likes: 1 |
Flash for desktops is continuing unabated, so a lot of the panic surrounding the abandonment of mobile Flash seems overblown to me. There are things it's more difficult to do without Flash, granted, but for the most part, I think folks who want to do those things--games, especially--are better served with "native" mobile apps. Adobe has just announced that it is ceasing development of Adobe FLEX in house and turning that over to the open source community, though, and people are getting upset about that. FLEX is a tool for building apps using Flash, and a lot of (well, okay, SOME) business app developers use it to build business apps that run over the Web. And, naturally, rely on Flash to function. I personally wonder whether Adobe's turn away from FLEX signals that Flash is in for a long, cold winter.
|
|
Re: Flash Bashing Express
|
|
Joined: Sep 2009
|
From all I can gather, Adobe's Flash Player is not affected with respect to "non-mobile" hardware, eg desktop and laptop computers. So I don't understand the big kerfuffle. Any short, sweet answers? Yes well... it won't last. More and more and more, websites are being accessed by mobile devices. And if webmasters have to retool their pages to cater to non-flash devices, then why not go whole-hog? “Forget†flash... it's definitely in its death throes. [edit: As i understand it, the only real "need" for flash (as a browser player plugin) is that associated with DRM-regulated video. Everything else it does (which one might deem as being vital) can easily be replaced. And again, everyone who likes to whine about google and facebook tracking their movements should keep in mind that flash does that stuff too.]
Last edited by Hal Itosis; 11/16/11 01:09 AM.
|
|
Re: Flash Bashing Express
|
Joined: Aug 2009
Likes: 1
|
Joined: Aug 2009
Likes: 1 |
[edit: As i understand it, the only real "need" for flash (as a browser player plugin) is that associated with DRM-regulated video. Everything else it does (which one might deem as being vital) can easily be replaced. And again, everyone who likes to whine about google and facebook tracking their movements should keep in mind that flash does that stuff too.] It's also needed for certain types of interactivity. Complex games with scripted actions, for instance, can't (yet) be done in pure HTML. However, as time goes on, I think that will be less and less the case.
|
|
Re: Flash Bashing Express
|
|
Joined: Sep 2009
|
It's also needed for certain types of interactivity. Complex games with scripted actions, for instance, can't (yet) be done in pure HTML. You're right of course... which is why i highlighted ' vital' (as online games aren't such for me). If someone wants to play interactively, or shop at a website with fancy wiggling special effects... let THEM download flash. The rest of us news-watchers and you-tubers should be free to enjoy basic (normal) video, delivered via some standard protocol, etc.
|
|
Re: Flash Bashing Express
|
Joined: Aug 2009
Likes: 5
Moderator
|
Moderator
Joined: Aug 2009
Likes: 5 |
Unfortunately, not all online flash presentations are trivial or backed up by HTML5 counterparts.... The Aviation Safety Foundation (a sub-entity to the Aircraft Owners and Pilots Association) recently sent me a link to one of their current online ASF presentations...and it wouldn't run using Safari 5.1.1 under OS X 10.7.2 with the latest Flash-Player plug-in 11.1.102.55 installed --- the only way I could view it was to open the link using Firefox 6.0.2 on the same platform, where it ran just fine. I sent their web-team the details, but this particular issue appears to be more browser-related than server-side.....
Freedom is never free....thank a Service member today.
|
|
Re: Flash Bashing Express
|
Joined: Aug 2009
Likes: 15
|
Joined: Aug 2009
Likes: 15 |
Still re Flash, but a different aspect... I just noticed that the prefs I had set in my Flash Player pref pane reverted to default, probably when I updated to v 11.1.102.55, and I suggest that everybody check their own prefs no less often than after every Flash update. (My prefs reverted once before with no apparent cause, but that predated the Flash pref pane.)
The new Great Equalizer is the SEND button.
In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
|
|
Re: Flash Bashing Express
|
Joined: Aug 2009
Likes: 7
|
Joined: Aug 2009
Likes: 7 |
The same thing is happening to me. I have trashed Flash preferences repeatedly (actually, ~/Library/Preferences/Macromedia/Flash Player) and that used to work. Yesterday, I used System Preferences>Flash Player>Storage, clicked Delete All and then Delete All Site Data and Settings. I reset my preferences and, so far, they seem to be sticking. Apparently, Delete All also clears ~/Library/Caches/Adobe/Flash Player so that may have been the cure.
Jon
macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
|
|
Re: Flash Bashing Express
|
Joined: Aug 2009
Likes: 15
|
Joined: Aug 2009
Likes: 15 |
The same thing is happening to me. I have trashed Flash preferences repeatedly (actually, ~/Library/Preferences/Macromedia/Flash Player) and that used to work. Yesterday, I used System Preferences>Flash Player>Storage, clicked Delete All and then Delete All Site Data and Settings. I reset my preferences and, so far, they seem to be sticking. Apparently, Delete All also clears ~/Library/Caches/Adobe/Flash Player so that may have been the cure. I just trashed ~/Library/Prefs/Macromedia and ~/Caches/Adobe in their entirety, but I'm not the least bit optimistic about the reversions to default stopping. We'll see...
The new Great Equalizer is the SEND button.
In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
|
|
Re: Flash Bashing Express
|
Joined: Aug 2009
Likes: 15
|
Joined: Aug 2009
Likes: 15 |
As an experiment, I just reinstalled the latest version of Flash and restarted, but uneventfully.
Oh, well... Time will tell.
The new Great Equalizer is the SEND button.
In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
|
|
Re: Flash Bashing Express
|
Joined: Aug 2009
Likes: 15
|
Joined: Aug 2009
Likes: 15 |
Damn!!! I've been checking my prefs periodically, and I just found them reverted to default again. Aaargh!!! Heads-up to all.
The new Great Equalizer is the SEND button.
In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
|
|
Re: Flash Bashing Express
|
|
Joined: Sep 2009
|
|
|
Re: Flash Bashing Express
|
Joined: Aug 2009
Likes: 16
Moderator
|
Moderator
Joined: Aug 2009
Likes: 16 |
I don't think this is a matter of getting it right on Adobe's part. I think it is more a matter of cutting their losses and doing the minimum effort they can get away with to keep their corporate customers happy. Adobe has already announced they are dropping development of Flash for handheld and tablet devices as well as tacitly acknowledging HTML 5 has already won the day on the desktop. From my knowledge of Macromedia, the originator of Flash and Dreamweaver, my strong suspicion is Adobe is using a huge library of legacy code, which they did not write, developed at time when "security" was an unused word in the programmer's dictionary, and in a programming style that makes maintenance difficult and consequently very expensive. So Adobe has lots of patches to the code and each patch risks exposing and/or creating additional potential exploits. Apple was in a similar position when Steve Jobs returned to take the helm and made the decision to bet the company and invest in a completely new operating system and applications code base written in an unusual dialect of the C language. I have not seen anything from Adobe indicating they have either the vision or the resources to do anything that risky or daring. Personally I don't think Flash will be around much longer. When Microsoft endorses any Open Source technology, and when Apple and Microsoft agree on anything, the game is over and Adobe lost.
If we knew what it was we were doing, it wouldn't be called research, would it?
— Albert Einstein
|
|
|
|