
Adobe Flash Player vulnerability

Adobe has reported a vulnerability in Flash Player 10.0.45.2 (and earlier), including the Linux version. "This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system." There is a Flash Player 10.1 Release Candidate that does not appear to be vulnerable.

Adobe Flash Player vulnerability

Posted Jun 7, 2010 19:58 UTC (Mon) by linuxjacques (subscriber, #45768) [Link]

No 10.1 RC for 64-bit though?

AFAICT there is no linux 64-bit flash which "does not appear to be vulnerable."

Adobe Flash Player vulnerability

Posted Jun 12, 2010 0:11 UTC (Sat) by SiliconSlick (subscriber, #39955) [Link]

Adobe Flash Player vulnerability

Posted Jun 8, 2010 4:49 UTC (Tue) by b7j0c (subscriber, #27559) [Link]

as much as i loathe apple, stories like this remind me why killing flash is a great idea.

Adobe Flash Player vulnerability

Posted Jun 8, 2010 8:05 UTC (Tue) by tao (guest, #17563) [Link]

Yeah, because no other software components than flash have security issues...

Adobe Flash Player vulnerability

Posted Jun 8, 2010 8:15 UTC (Tue) by burki99 (subscriber, #17149) [Link]

Because only Adobe can fix security issues in flash

Adobe Flash Player vulnerability

Posted Jun 8, 2010 8:35 UTC (Tue) by tao (guest, #17563) [Link]

My point is that you're bringing Apple into this. All other components of their platform (apart from some parts of the base system) are proprietary.

So, if you'd referred to Stallman, then your comment would've made sense. Referring to Apple doesn't.

If you'd referred to Apple's stance on Flash in a thread that talked about open standards, on the other hand, it would've made perfect sense.

Adobe Flash Player vulnerability

Posted Jun 8, 2010 11:56 UTC (Tue) by rsidd (subscriber, #2582) [Link]

> All other components of their platform (apart from some parts of the base system) are proprietary.

Yes, but controlled by Apple. That's what counts, from Jobs' point of view. (Indeed, no sane vendor appreciates vulnerability in a part of the system that they don't control.)

It just happens that, in this instance, Jobs' self-interest coincides with that of free software/open standards advocates.

Adobe Flash Player vulnerability

Posted Jun 8, 2010 16:24 UTC (Tue) by b7j0c (subscriber, #27559) [Link]

i am referring to apple because steve jobs' campaign to destroy flash is rooted in the cultural zeitgeist

Adobe Flash Player vulnerability

Posted Jun 8, 2010 22:46 UTC (Tue) by ajf (subscriber, #10844) [Link]

That's nothing to do with "cultural zeitgeist". Apple owns the most revenue-generating smartphone platform right now, and they (probably correctly) see economical cross-platform development as a threat to that dominance.

Adobe Flash Player vulnerability

Posted Jun 9, 2010 10:30 UTC (Wed) by nye (guest, #51576) [Link]

>Apple owns the most revenue-generating smartphone platform right now

Is this actually true, or are you just making that assumption based on Apple's advertising? Certainly they aren't even close to the biggest player in the smartphone market so if they are generating the most revenue despite being so far behind in market share then it would be surprising.

Adobe Flash Player vulnerability

Posted Jun 9, 2010 11:15 UTC (Wed) by spaetz (subscriber, #32870) [Link]

Taking into account that "analysists" pull these figures out of the sky, this pie chart *is* kind of impressive:
http://static.arstechnica.com/iphone/app_store_pie_chart_...

story is here:
http://arstechnica.com/apple/news/2010/01/apple-responsib...

But then I guess, it all depends on how you define revenue sources as being part of the platform etc.

Adobe Flash Player vulnerability

Posted Jun 9, 2010 12:22 UTC (Wed) by nye (guest, #51576) [Link]

Hmm, I hadn't considered apps - I was thinking of sales + subscriptions. I wonder how they compare in terms of revenue...

(Going further offtopic, that analysis is interesting; I wonder if it indicates that iPhone users are far more likely to buy apps than users of the more popular smartphone platforms, or if it simply reflects Apple's focus on the app store before anyone else got around to it. Probably a bit of both.)

Adobe Flash Player vulnerability

Posted Jun 9, 2010 20:41 UTC (Wed) by rqosa (guest, #24136) [Link]

> they (probably correctly) see economical cross-platform development as a threat to that dominance.

If so, then why have they developed the HTML5 canvas element, and why are they implementing things such as HTML5 video element and SVG in WebKit? Those APIs make JavaScript into a viable competitor of Flash for cross-platform development.

Adobe Flash Player vulnerability

Posted Jun 9, 2010 23:06 UTC (Wed) by ajf (subscriber, #10844) [Link]

I'm talking about native applications for mobile phones, not web applications. Give an iPhone user the choice between a free webapp and a cheap native app that does the same thing, they'll choose the latter just about every time.

I'm not claiming that Apple is evil, nor that they don't do anything that improves cross-platform compatibility. But on today's phones, HTML5 and Flash are equally unviable: UI quality and responsiveness are nowhere near what you can get natively.

FlashBlock

Posted Jun 8, 2010 5:58 UTC (Tue) by Cato (subscriber, #7643) [Link]

This addon for Firefox also has two versions for Chrome - since it makes it very easy to see Flash objects that you do want to see, and you can whitelist sites that are safe, it's the best way to guard against zero-day Flash holes, particularly for non-techie friends who would find NoScript too difficult to use.

FlashBlock

Posted Jun 8, 2010 6:59 UTC (Tue) by jwb (guest, #15467) [Link]

I am extremely skeptical of the FlashBlock for Chrome. It only seems to block the display of the Flash content. The SWF file is still transferred, and npviewer.bin is still running on my system even when FlashBlock appears to work.

FlashBlock

Posted Jun 8, 2010 8:58 UTC (Tue) by elanthis (guest, #6227) [Link]

That's because extensions for Chrome can't actually intercept or alter the document before it is loaded or executed. It supposedly makes extensions more secure, but in turn limits them to little more than GreaseMonkey scripts with UI/chrome extensibility.

FlashBlock

Posted Jun 8, 2010 18:44 UTC (Tue) by jwb (guest, #15467) [Link]

Yeah. What we really need (at least on Linux) is to nerf the Flash Player inside nspluginwrapper itself. nspluginwrapper should start a placeholder program, which can then dlopen Flash Player if you click to confirm.

FlashBlock

Posted Jun 9, 2010 1:37 UTC (Wed) by JohnLenz (subscriber, #42089) [Link]

Mozilla calls this Electrolysis and at least from that page it says it is beta quality.

FlashBlock

Posted Jun 9, 2010 4:56 UTC (Wed) by jwb (guest, #15467) [Link]

Nice, but blocking of Flash already works correctly in Mozilla browsers because extensions can observe and interfere with HTTP requests before they happen.

Copyright © 2010, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds