Adobe warns of another new critical flaw in Flash
Yesterday, Adobe reported another critical security exploit in Flash. Show us your surprised face. Unlike a lot of the Flash warnings we see, however, this one is actively being exploited, and a successful attack allows untrusted code to be remotely executed. That's bad, especially since Adobe's post states that the patch won't be arriving for about two weeks.
Flash can't seem to catch a break, can it? If it's not being slammed for hogging CPUs, running down batteries, and not being "open," it's being smacked around by yet another security shortcoming.
Adobe products continue to be a juicy target for bad guys, and so far, Adobe's increased attention to security seems to be making little difference -- except, perhaps, for calling more attention to little vexations like this one.












Comments
madmanmostafa, Sep 14th 2010 5:32PM
It would be pretty crazy if Apple was at the root of all of this.
"Hey, Jim? You sure there's a flaw in adobe's code?" "Yeah. Positive." "Exploit it. Let's ruin Flash and push the hell out of HTML5." "Done."
And here we are.
APV, Sep 14th 2010 6:38PM
I don't remember the last time I've seen anything in flash (except annoying ads.)
Hmmm.
:-/
Dave Johnson, Sep 14th 2010 7:05PM
You're not interested in photography sites, obviously. You're not interested in many musicians' official sites, are you? You're not interested in a slew of web designers' sites ... because they are all heavily populated by flash enabled elements. So when you can't remember the last time you've seen anything in flash ... allow me to direct you to this site ... please don't necessarily assume the choice of band means anything. http://www.toolband.com/
vicsvenge, Sep 14th 2010 7:09PM
flash IS a critical flaw
mrick, Sep 14th 2010 7:18PM
Well, Adobe is in good company then.
See: IBM's X-Force threat report for the first half of 2010 lists Apple, Microsoft and Adobe Systems as the makers of products with the most vulnerabilities.
http://www.eweek.com/c/a/Security/IBM-Security-Report-Puts-Apple-Microsoft-as-Most-Vulnerable-Vendors-190732/
If you have a widely deployed app or OS, you are going to be a target. Adobe is, at least, pretty open about security issues. More so, I think, than Apple.
Anthony, Sep 14th 2010 8:18PM
Definitely more so than Apple. How often do you hear of Apple vulnerabilities? Quite often. How often do you hear of Apple vulnerabilities straight from Apple? Almost never... at least until the patch is released, months after the vulnerability was reported. This is why I prefer Microsoft products. There may be many vulnerabilities, but at least they're open about it. And, they put out patches fairly quickly. The most I've ever seen a patch take (other than ones that are not really problems in the first place, i.e. not easily exploitable unless you actually gain physical access to the computer) is one month. I applaud Adobe for stepping up and making the effort to find the vulnerabilities, but they still need to work on pushing out patches (and auto-updating).
Having said all that... Silverlight FTW! (Seriously, I hope Silverlight replaces Flash someday.)
Dan, Sep 14th 2010 7:45PM
Flash 10.1 has been a thorn in my paw as of late. I don't know if it is a Chrome issue, but I have run into a couple of websites where Flash fails to load the pages correctly and freezes up the tab till I hit the kill button. Thankfully Chrome rocks enough not to crash my other tabs, but the last version of Flash just hasn't worked all that well. Hope they get their crap together and get a stable, secure release out soon, or Apple will win this turf war at this rate. I have never had any issues with any other plugins.
dknight211, Sep 15th 2010 12:33AM
When Steve Jobs wrote his piece on Flash, I was like whatever, another Apple move to put a tight grip on its iPhone OS devices.
Then I personally got hit by the Flash vulnerability by going to a site that came up in a Google search result. Then user computers at work started getting hit. And there was no patch update yet from Adobe.
And now this whole thing all over again. I have uninstalled Flash and Adobe Reader. I now use FoxitPDF or Sumatra PDF.
Steve Jobs was right.