| ||||||||||||||||||||||||||||||||
flash-plugin: abandon all hope
(Log in to post comments)
flash-plugin: abandon all hope Posted Nov 17, 2011 14:32 UTC (Thu) by nix (subscriber, #2304) [Link]
Bear in mind that Flash is being pounded very hard by the Chrome hackers, who do things like large-scale fuzzing, and running every .swf Google can find on the net through it. Most of these vulns came from there, so may never have been encountered in the real world.
I suspect that most software of the complexity of Flash has a similar number of vulnerabilities: they're just not being scrutinized so hard. (Most of them aren't network-accessible either.)
Now if only Adobe would release a PPAPI version of Flash, so those of us using Chromium could sandbox this horrible non-free lump away and still get at the large chunk of web content that requires Flash...
Sadly it's just not possible... Posted Nov 17, 2011 16:06 UTC (Thu) by khim (subscriber, #9252) [Link] Now if only Adobe would release a PPAPI version of Flash, so those of us using Chromium could sandbox this horrible non-free lump away and still get at the large chunk of web content that requires Flash... Not gonna happen. Flash requires bunch of things (like raw file access, raw UDP access, atc) which are not accessible in pure PPAPI plugins. Sure, PPAPI may be extended to give this ability to one particular PPAPI plugin... but then your sandbox will look like a sieve.
flash-plugin: abandon all hope Posted Nov 17, 2011 17:17 UTC (Thu) by raven667 (subscriber, #5198) [Link]
I'm sure that all the work google is doing is helping but it has always seemed like flash isn't developed with the highest standards of security and quality in mind although I can't possibly know that for sure, maybe it is just technically unfeasible for something as complex as that to not be riddled with holes.
nice title summary Posted Nov 17, 2011 14:43 UTC (Thu) by mattdm (guest, #18) [Link]
I don't usually LOL when reading through the week's vulnerabilities. Thanks. :)
|
||||||||||||||||||||||||||||||||