
News Adobe Flash hit by three zero-day vulnerabilities

Discussion in 'Article Discussion' started by Gareth Halfacree, 14 Jul 2015.

  1. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

  2. SchizoFrog

    SchizoFrog What's a Dremel?

    Does anyone know why TV streaming sites seem to only ever use Flash, if Flash is so redundant now? All I know is that none of the streaming sites I have used work in smartphone browsers and I believe this is singularly down to the lack of support for Flash on mobile devices.
     
  3. Grimloon

    Grimloon What's a Dremel?

    Interesting that you have .203 as the latest version as we've just rolled out .209 to a test group, seems to fix the Firefox wibbles (at least in v 39.0).
     
  4. SchizoFrog

    SchizoFrog What's a Dremel?

    I believe it should be .209

    Adobe website:
    '7/14/2015 – Updated debugger and standalone versions of Flash player. These versions contain fixes for critical vulnerabilities identified in Security Bulletin APSB 15-18. The latest versions are 18.0.0.209 (Win and Mac); and 11.2.202.481 (Linux). All users are encouraged to update to these latest versions.'
     
  5. Delphium

    Delphium Eyefinity enabled

    Long story short - Bandwidth and DRM.

    Now pardon me for the hopefully more insightful but lengthy response....

    Long story is that it is easy to host a video file and have the end user progressively download the video file for playback. This sadly is a very bandwidth-consuming method, especially if the video cannot be played until it's fully downloaded; this method is generally considered a poor experience when delivering/watching content.

    On some servers it is possible to request a starting position or byte from which to download, in the event of a fast forward for example. However, the content still needs to be prepared in a way that allows for the video to be partially downloaded without getting corrupted, as most videos tend to store the video format information in the header and/or tail of the video files, not part way through.

    To stream a video requires a different technique than to simply get/request a video file. Streaming comes in many forms, such as the older methods such as RTMP used for live streams; unfortunately, however, RTMP is not a widely supported format or protocol on all mobile/tablet type devices.
    In some cases the RTMP protocol may even need to be allowed via the site firewall/router in order to reach the end user.

    To skirt around this issue of lack of support, media content providers commonly host content in a stream-ready format that is compatible with the HTTP standards, such as HLS (HTTP Live Streaming) by Apple or the LSS format (Live Smooth Stream) by Microsoft. Google also attempted to push out a format, however it never really took off.

    These formats essentially store the video content in small chunks, typically of 2 seconds in length. This allows a user to skip to any part of a video, let's say exactly half way through, instead of downloading the first 50% of the video, using up unnecessary bandwidth on both the server and client sides.

    This method is akin to the same progressive download method used by simply hosting a full video online, but split into smaller chunks of course. In order to navigate through this collection of 2 second chunks, an index or manifest file is created alongside, identifying which chunk of video is to be loaded at the end of the current 2 second chunk.

    This of course requires a bit of intelligence from the web player that is not currently supported natively, thus this is where Flash and Silverlight (which is now end of life also) would take stage to fulfil these duties.

    The advantages of this approach also mean that adaptive video streaming is possible, by encoding a video multiple times at different resolutions and bitrates, so that if the device or internet connection is weak, then it is still possible to stream the video without constant buffering, checking every 2 seconds if the internet speed or the video player window has grown in size to trigger a request for a higher quality stream.

    So that is partly why Flash is used to deliver content. The other reasons, I feel, are simply for greater site integration, advertising 'more like this' type of videos and of course the big old DRM issue that the likes of Netflix and Lovefilm need to use to prevent their catalogue of content leaking out online, something which the content rights holders are watching very carefully.

    So how do we get out of this hole?
    This is where MPEG-DASH comes in, as a native HTML5/JavaScript solution for playing back rich media content, with the same advantages of the HLS and LSS formats, but with native support in a browser. Of course, as with all new technologies, this format has some guidelines but has not yet been fully 100% ratified.

    This will of course require transmuxing (converting the index/manifest file) a lot of content from HLS/LSS formats to the MPEG-DASH format ready for delivery cross platform.

    Roll on MPEG-DASH is all I can say.

    Regards
    Delphium
     
    Last edited: 14 Jul 2015
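Added example, not part of the post above and not any real player's code: a sketch of the "bit of intelligence" a web player needs for the chunk-and-manifest scheme described there, using HLS-style playlists. The playlists are constructed samples, and the function names and the 0.8 throughput headroom are assumptions made for illustration.

```javascript
// Constructed sample playlists (not from any real service).
const MASTER = `#EXTM3U
#EXT-X-STREAM-INF:BANDWIDTH=800000,RESOLUTION=640x360
low/index.m3u8
#EXT-X-STREAM-INF:BANDWIDTH=2500000,RESOLUTION=1280x720
mid/index.m3u8
#EXT-X-STREAM-INF:BANDWIDTH=6000000,RESOLUTION=1920x1080
high/index.m3u8`;
const MEDIA = `#EXTM3U
#EXTINF:2.0,
seg0.ts
#EXTINF:2.0,
seg1.ts
#EXTINF:1.5,
seg2.ts
#EXT-X-ENDLIST`;

const rows = (text) => text.split(/\r?\n/).map((l) => l.trim()).filter(Boolean);

// Master playlist -> [{ bandwidth, uri }] sorted by ascending bitrate.
function parseMaster(text) {
  const lines = rows(text);
  const variants = [];
  lines.forEach((line, i) => {
    const m = /^#EXT-X-STREAM-INF:(?:.*,)?BANDWIDTH=(\d+)/.exec(line);
    const uri = lines[i + 1];
    if (m && uri && !uri.startsWith('#')) variants.push({ bandwidth: Number(m[1]), uri });
  });
  return variants.sort((a, b) => a.bandwidth - b.bandwidth);
}

// Adaptive step: highest rendition within a safety fraction (assumed 0.8) of the
// measured throughput, falling back to the lowest rendition if none fits.
function pickVariant(variants, measuredBps, headroom = 0.8) {
  const fits = variants.filter((v) => v.bandwidth <= measuredBps * headroom);
  return fits.length ? fits[fits.length - 1] : variants[0];
}

// Seek step: the single chunk covering seekSeconds (null past the end), so a
// jump fetches that chunk instead of everything before it.
function segmentForTime(text, seekSeconds) {
  const lines = rows(text);
  let start = 0;
  for (let i = 0; i < lines.length; i++) {
    const m = /^#EXTINF:([\d.]+)/.exec(lines[i]);
    if (!m) continue;
    const uri = lines.slice(i + 1).find((l) => !l.startsWith('#'));
    if (seekSeconds < start + Number(m[1])) return { uri, start };
    start += Number(m[1]);
  }
  return null;
}
```

A player would re-run `pickVariant` after each chunk download with the throughput it just measured, which is the per-chunk quality check the post describes.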
  6. bionicgeekgrrl

    bionicgeekgrrl Minimodder

    About time Flash went where it belongs, the bin!
     
    SinxarKnights likes this.
  7. Guinevere

    Guinevere Mega Mom

    I uninstalled Flash when the first of the latest zero days hit. The number of updates was getting ridiculous and enough was enough. Flash is long dead on mobile and it won't be around forever on the desktop. I doubt though that Adobe is about to announce a Flash-free roadmap.

    If I had tech that relied on Flash I'd look at changing it to something else.

    Guess what?
    I did just that.
    In 2002.
     
  8. theshadow2001

    theshadow2001 [DELETE] means [DELETE]

    2002...What did you switch to? Java? :D
     
  9. SchizoFrog

    SchizoFrog What's a Dremel?

    That's all very well for you, but I like my sports and the only way I can watch much of it, especially when I am abroad, is to use streaming services and they all use Flash, hence my earlier post, and at this point there don't seem to be alternatives.
     
  10. Guinevere

    Guinevere Mega Mom

    Hmm how about?

    1. Uninstall stand-alone Flash
    2. Don't use Chrome for generic web browsing.
    3. Use Chrome for viewing your sports and ONLY on the websites you trust.

    You can't get hit by a drive-by zero-day Flash exploit on some unknown 'Oooo that looks interesting' website if you're browsing using a browser without Flash.

    You may still get hit by an exploit from some bad advert on your sports site, but you've reduced your risk significantly.

    Or move to an alternative access method. Streaming box? Mobile device? Smart TV?
     
  11. mi1ez

    mi1ez Modder

    4) VirtualBox. If you catch anything, just burn the VM and start again.
     
  12. SchizoFrog

    SchizoFrog What's a Dremel?

    @Guinevere
    @mi1ez

    You both seem to be missing the point. If Flash is killed off completely for PCs (browsers are already starting to block it apparently) how are these services going to continue?

    It's all very well suggesting streaming boxes and smart TVs but there is a hell of a lot of content that these services just don't show as they are channels from other countries, some illegally, true, but not all of them are illegal.

    It also doesn't solve the issue of streaming these channels on smartphones either and as Flash is not available neither are these services. It seems the PC is going to go the same way and a lot of content and services will disappear. That is, until an alternative surfaces... and that was also part of my question, in which direction will stream sites most likely go to continue their content services once they cannot use Flash any more and will that tech be available/viable on mobile devices such as smartphones?
     
  13. theshadow2001

    theshadow2001 [DELETE] means [DELETE]

    None of these services are dependent on Flash to continue operations. They do however need to invest in new software to continue operating. Big players like Netflix and YouTube are moving away from Flash, the rest will eventually follow. It's sort of like Java web apps, they used to be reasonably common but are mostly gone now.
     
  14. |V| 4 L k i 3 R

    |V| 4 L k i 3 R Minimodder

    Slingplayer works fine for me. In Chrome. Without Flash.

    YouTube, Twitch.tv, Amazon Prime all work for me. Totally ready for Flash to be dead.
     
  15. Fizzban

    Fizzban Man of Many Typos

    Oh yes, please, please die a quick death, Flash Player. We don't want you anymore.
     
  16. theshadow2001

    theshadow2001 [DELETE] means [DELETE]

    How secure are the alternatives though? Once we see Flash go away, will we start to see new security issues in new content delivery mechanisms like HTML5? Is Flash just the current low-hanging fruit?
     
  17. img

    img Minimodder

    Pretty pissed new HP software relies on Flash and VMware.
     
  18. Fizzban

    Fizzban Man of Many Typos

