
Exploit attacks Flash Player 9 and 10 as well as Reader/Acrobat 9.x

Steve Jobs has been on a crusade against Adobe Flash for quite some time, citing issues with performance, stability, and security. Today, Adobe is fueling Jobs' concerns and likely giving the Apple CEO fodder for his WWDC keynote, which is coming up on Monday.

According to Adobe, there is a critical vulnerability in versions of Flash Player (Windows, OS X, Linux, Solaris) and Reader/Acrobat 9.x (Windows, OS X, UNIX). The exploit allows a hacker to gain control over an affected system.

Even more troubling is that Adobe says that it currently doesn't have a fix and "there are reports that this vulnerability is being actively exploited in the wild."

Adobe says that the following versions of its products are affected:

  • Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions
  • Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions

It should be noted, however, that the current Release Candidate version of Flash Player 10.1 "does not appear to be vulnerable" to this exploit, and Adobe Reader/Acrobat 8.x are also safe.

You can view Adobe's full advisory on the exploit here, which also details steps to minimize the impact of the exploit with Reader/Acrobat 9.x.



Comments

By ImSpartacus on 6/5/2010 6:59:29 PM , Rating: 2
Flash and Reader always seem to be getting attacked. It might be their market position, it might be Adobe, it might be bad luck. I'm not sure.

What do you guys think?




By greylica on 6/5/2010 7:13:52 PM , Rating: 1
I think it's porn related...
S.
W.
F.

Complete those words with years pledging for updates, 64 bit versions, asking for standards and those words will be what you might think of it...

0_0


By greylica on 6/5/2010 7:20:57 PM , Rating: 2
A friend of mine deciphered...

S. oon
W. ill be
F. ixed...


By GuinnessKMF on 6/7/2010 7:49:05 AM , Rating: 2
Sh*t, We're F*cked.


By sebmel on 6/7/2010 6:43:40 PM , Rating: 2
Go to www.adobe.com ... read the front page 'News' section... it includes NOTHING about this serious exploit!

Click on 'Get Adobe Flash'... takes you to the download page for your OS and offers you the VULNERABLE version of Adobe Flash!

Click on 'Get Adobe Reader' ... takes you to the download page for your OS and offers you the VULNERABLE version of Adobe Reader!

Irresponsible.


By Reclaimer77 on 6/5/2010 7:28:26 PM , Rating: 5
The problem is we know Jobs' motivations, no matter what he says. This isn't about security, or performance, or anything of the like. It's about control. If Flash were to run on his devices, it would be impossible for him to firmly lock them down and control them. The end user would be able to go around his quaint "app stores" and enjoy the robust third party options that the rest of the world has known for decades now.

Secondly, he has a financial stake in HTML5 taking off over Flash. He owns stock in the company that owns the patent for the codec. So that's a no brainer. Again, he wants to control ALL content on his devices. You will use what he wants you to use, when he wants it. And make a boatload of money in the process.

Also the idea that you dump an entire platform because of a vulnerability is ludicrous. Windows had its share of backdoors in the past as well, did everyone abandon ship? No. This is no more proof of Jobs' position than it would be some crazy guy saying because ships can spring leaks, we all shouldn't use them.

Jobs doesn't understand this because he's had the luxury of operating in his nice tiny little niche, where he can control every little aspect of his products. Adobe doesn't have this luxury, most industry standards don't. When you have to cater to a massive multi-platform industry, things like this happen and happen often.

He's going to have to suck it up. Blocking Adobe products might not be anti-competitive or illegal, but blocking them so a standard that he has a vested financial interest in becoming a monopoly, sure as hell is.


By ncage on 6/5/2010 7:52:58 PM , Rating: 2
It's more than that. There is a reason why they want control. I'm not saying Apple's model is perfect but it does lead to some key advantages. If apple would allow people to build applications on their hardware maybe that technology be it flash/silverlight/air/etc. then they are less in control of the direction of the platform. They are going to infuriate users if they change the platform in such a way that breaks their existing apps/content. This is in essence what happened when microsoft went to windows vista. There were so many lazy developers out there that were using bad practices and when microsoft hardened the security then it broke things. Of course windows is the opposite of what apple does. You can install anything you want from any place you please and one of the reasons windows has so much trouble with malware.

I think a lot of developers would use something like adobe air if they could to develop iphone apps (assuming they don't need the horsepower like for games) because the developer experience for developing iphone apps is horrible. It's like programming back in the 80s with Objective-C. I think therein lies the problem. They don't want a lot of developers moving over to technologies like adobe air.

Going back to phones I actually think microsoft's new phone is going the right direction. Some control but not so unstructured (Android) that it causes fragmentation. I mean some of the limitations of previous iphones were stupid. You can't change the wallpaper would be a good example until IS OS Phone 4.0 is released.

I have no idea why people fight over this flash issue so much. If I had the ability to install flash on my phone I wouldn't. What does flash, in the majority of cases, add to the experience? Marketing/Ads is what it adds. Now until HTML 5 becomes available and a standard video format that the industry stands around then the only thing I want to do is to be able to click on a flash video and play it in a stand alone player or if a company wants to get its content to you they will through a stand alone app.


By Reclaimer77 on 6/5/2010 8:26:46 PM , Rating: 3
Well for one thing, without Flash support millions of bored housewives and people with too much time on their hands are unable to play Farmville on Facebook!!

That alone is reason enough to support it.


By The Raven on 6/7/2010 10:44:15 AM , Rating: 2
quote:
If apple would allow people to build applications on their hardware maybe that technology be it flash/silverlight/air/etc. then they are less in control of the direction of the platform. They are going to infuriate users if they change the platform in such a way that breaks their existing apps/content. This is in essence what happened when microsoft went to windows vista.


Although I agree with your main point (advantages to Apple strategy), you cite the 'openness' of MS as the reason for Vista's failure when XP did the same thing and was successful for it. XP wouldn't be as successful if MS made it so limited software was available for it. They made sure apps were available for it and the success followed.

Look at the iPhone itself. Apple made it so that it was easy to make apps for the phone. In that way, it is open, and the openness brought it success. Now they are saying no to Flash and that is the opposite of what brought them success from this point of view anyway. The quality aspect is another story, but that is why it is a bit controversial.


By Reclaimer77 on 6/5/2010 9:52:32 PM , Rating: 4
Man, you caught me. I stand to make eleventy bagillion dollars if Apple uses Flash. Wheewh, talk about busted!!!


By poohbear on 6/6/2010 1:47:18 AM , Rating: 4
seriously. to the guy saying he's posting stuff like this to make Apple look bad, please get a life. I'm pretty sure some don't like Apple for a host of reasons, it doesn't equate a conspiracy theory.


By themaster08 on 6/6/2010 5:28:59 AM , Rating: 2
quote:
seriously. to the guy saying he's posting stuff like this to make Apple look bad
He achieved that himself. He provided absolutely no proof or even logic that what Reclaimer said was lies. Instead going on about how there are plenty of apps whilst maintaining security. As we know, that wasn't the point.


By tlampen on 6/6/2010 5:59:26 PM , Rating: 5
Dude, you need some serious mental help... who goes off on a spout about how the people who disagree with you over an apple article will eventually commit suicide!! PSYCHO!!!
looks like someone has truly drank way too much of apple's kool-aid.


By themaster08 on 6/7/2010 4:50:26 AM , Rating: 5
When you buy Apple products, you don't just buy a device, you buy a way of life. Attacking Apple is like attacking his family, so expect him to get personal, going on a tangent about how our lives are worthless.

I agree. He needs medical attention. His ability to debate logically is flawed by his inability to take Apple products for what they are........just devices.

A typical self righteous, elitist Apple customer.


By The Raven on 6/7/2010 10:23:21 AM , Rating: 2
It's not as genuine as a family; it's more artificial like a clique.


By themaster08 on 6/6/2010 5:21:57 AM , Rating: 2
Excellent post! Couldn't agree more!


By Alexstarfire on 6/7/2010 1:29:30 AM , Rating: 1
People might have left Microsoft in the millions, but that sounds a lot better than it really is. Microsoft has BILLIONS of users, you're talking less than 1% of the market leaving. That's not much.

Well, I think it's assumed that he was talking about Macs rather than phones. Phones basically don't get exploited when compared to desktop/laptop computers. It's not that they can't, it's just that they don't. And as for Flash crashing your browser.... how about you get a browser that doesn't suck then. Flash hasn't crashed my browser since IE6... and IDK if you can even say it's Adobe's fault with that browser.

Not sure if flash will ever be low power for phones. They'd have to find a way to take advantage of the GPU in phones which is basically non-existent. Running it off of CPU is like video encoding using only CPU power. You can do it, but it's not that efficient. That said, most of what would suck up power is running the flash ads. People think if Flash dies the ads are going to die. That's hardly going to happen, they'll just use some other method. If HTML5 takes over they'll just be HTML5 ads.


By Tony Swash on 6/7/2010 6:02:31 AM , Rating: 2
quote:
Well, I think it's assumed that he was talking about Macs rather than phones. Phones basically don't get exploited when compared to desktop/laptop computers. It's not that they can't, it's just that they don't. And as for Flash crashing your browser.... how about you get a browser that doesn't suck then. Flash hasn't crashed my browser since IE6... and IDK if you can even say it's Adobe's fault with that browser.


The reason I argued as I did was because Apple's position on Flash is different to other vendors in really only two areas:

a) It has not allowed flash on its mobile platforms (iPad, iPhone). Hence my references to the market profile of Apple in those sectors.

b) It has blocked the development of cross platform apps using the flash development environment (actually it's blocked all third party intermediary layers in app development but it's Adobe that have complained the loudest). As I explained Apple have had many experiences during its long history in the business of the acute problems associated with allowing third parties to control App development for their platform. There are many issues but to simplify - if developers use a third party system to create cross platform apps then a number of bad things happen (from Apple's point of view) amongst which are the fact that any attempt by Apple to differentiate their platform through OS and software features would be negated (surely a likely logical consequence of anything being cross platform) and secondly as and when Apple introduces new OS features the owners and maintainers of third party developer intermediary systems would control (and could delay) their actual use in App development. From Apple's point of view there is nothing to be gained and a lot to lose from allowing cross platform development via intermediary development systems such as flash.

Generally those who most support cross platform development are those whose platforms are a minority in the market place and therefore offer a less attractive market for app developers. In this case that would be Android. A new survey of U.S. smartphone owners (by Nielsen) found that 28 percent use a device running the iPhone OS, compared with just 9 percent on Google's Android mobile operating system.

As flash runs on macs, Apple's position on flash is surely a non-issue in the desktop market.

Your comments about the stability of flash on your PC are moot - Mac users would much rather run macs without flash than windows with flash (in fact most mac users would prefer bowel surgery without anaesthetic than use a windows machine but that's another story).


By Luticus on 6/7/2010 10:57:38 AM , Rating: 2
quote:
in fact most mac users would prefer bowel surgery without anaesthetic than use a windows machine but that's another story


Is that another way of saying Mac users are gay?? >;)~

Generally I don't have a problem with flash... though after I read up on this new problem with it I may be avoiding it for a while till it's resolved. Personally I don't understand what the big deal is, why block flash. If your users don't like it they could just "not install it"... there's an idea!

Oh and, for the record... I'll take my Windows 7... or Linux... or Unix PC... or well anything really, over a Mac any day.


By talozin on 6/6/2010 10:18:25 AM , Rating: 3
quote:
Secondly, he has a financial stake in HTML5 taking off over Flash. He owns stock in the company that owns the patent for the codec.

Hmm; according to Wikipedia (always a source of reliable knowledge :p), "[t]he current HTML5 draft specification does not specify which video formats browsers should support in the video tag. User agents are free to support any video formats they feel are appropriate." Has that changed since the last time someone updated the page?

My feelings on the whole Jobs vs. Adobe thing are kind of mixed. Flash is a buggy, insecure, slow power hog. It would be nice if it would go away and be replaced by an open (actually open, meaning it's at least possible to deploy in a non-patent-encumbered manner) standard. If Steve Jobs wants to accomplish that, great. If he wants to replace it with a closed standard, well, I don't see much reason to prefer Apple over Adobe. Show me a better, more secure, more efficient way to view video over the web and I might disagree.

Finally, I don't get the notion that Jobs wants to control "ALL content on his devices". I've never bought a movie from the iTunes store, but I have literally hundreds of hours of video that play just as well on my Apple devices as on my Windows devices and on my Linux devices. I've never bought an Apple-branded compiler, but I can compile software from source on my OS X hosts and run it just as easily as I can on Windows (probably easier, but not as easy as Linux). If Jobs really wants total control over his platform, he's doing a heckuva job at it, in the Mike Brown sense.


By afkrotch on 6/7/2010 10:17:37 PM , Rating: 2
Video hasn't changed on HTML5. I doubt they are going to set a specific format. Apple and MS are pushing h.264. Mozilla and Opera, I think, are pushing ogg.


By phantom505 on 6/5/2010 8:50:56 PM , Rating: 5
I think he's still mad that nobody uses QuickTime anymore.


By cmdrdredd on 6/6/2010 12:02:43 PM , Rating: 2
If Apple allowed Flash I'd own an iPad right now. Since they don't support it, I'm waiting for the Asus or similar.


By indignation on 6/6/2010 12:19:11 PM , Rating: 2
When someone jailbreaks the iPad, you may have both


By InsaneScientist on 6/6/2010 11:07:34 PM , Rating: 2
Two things:
First: the iPad already is jailbroken (spiritjb.com)
Second: flash support even on the jailbroken iPhone is lousy at best, even after having been jailbroken for years... so I doubt that the iPad is going to get decent flash support any time soon. :(


By indignation on 6/6/2010 12:22:15 PM , Rating: 3
Insecurity through popularity, that's nothing to sneeze at. At least they've got the guts to announce it and will offer to fix it


By Brandon Hill (blog) on 6/5/2010 10:39:44 PM , Rating: 3
Did you not read the last two paragraphs?


By stmok on 6/5/2010 10:46:52 PM , Rating: 1
I mean; include the needed details with your article, instead of posting links.


By FaaR on 6/6/2010 12:09:56 AM , Rating: 2
...Because it's so hard to just click a link?

Sheesh. You young people, in my day if we wanted information we had to WALK TO THE LIBRARY!!! ...Uphill! Both ways!


By PerfectAgent007 on 6/6/2010 1:41:22 AM , Rating: 2
IN THE SNOW!


By cscpianoman on 6/6/2010 8:18:14 AM , Rating: 2
Carrying your two younger cousins on your back.


By Anoxanmore on 6/7/2010 10:24:54 AM , Rating: 2
Barefoot!


By Joz on 6/7/2010 10:42:44 AM , Rating: 2
And a sandwich and Superman comic book was only 25 cents, total! Young whippersnappers!


By afkrotch on 6/7/2010 10:20:27 PM , Rating: 2
and the roads weren't paved back then.


Steve says what?
By ratbert1 on 6/5/2010 7:04:26 PM , Rating: 1
Oh, that's right, because OSX doesn't have any vulnerabilities.




RE: Steve says what?
By UnWeave on 6/5/2010 7:49:27 PM , Rating: 2
I'd like to point out that Jobs hasn't actually said anything. Yet.

But I still lol'd, and if(/when) he does we are free to scream hypocrisy!


RE: Steve says what?
By GaryJohnson on 6/5/2010 10:58:59 PM , Rating: 2
Yeah I like that. The exploit has nothing to do with Stevie. Nice one Brandon, are you taking writing pointers from Jason?


RE: Steve says what?
By teng029 on 6/6/2010 1:05:44 PM , Rating: 2
Agreed. I thought for sure this was another Jason Mick article until I actually clicked on it.

The hatred for all things Steve Jobs and Apple on this site is amusing. You'd think these people were getting paid for it considering how passionate they are about it.


RE: Steve says what?
By kyleb2112 on 6/6/2010 3:18:44 PM , Rating: 2
That's DT for you--never letting the facts cloud a good narrative.


definition of news
By Murloc on 6/6/2010 4:23:22 AM , Rating: 3
news: reporting of something that happened.
of course, there can be some analysis.

pure speculation about inimportant stuff is stupid though.
This news is centered more about steve jobs than the vulnerability.

You can write that steve jobs will use this for his war, but it's one line, and you don't put it on the title.




RE: definition of news
By gralex on 6/6/10, Rating: 0
RE: definition of news
By kmmatney on 6/6/2010 10:25:28 PM , Rating: 2
It doesn't change the fact that all the Jobs crap is pure speculation. We have a problem with Adobe flash that:

1) allows control over the computer, and there is no known fix!
2) Is already out in the wild
3) There is no known fix (yet)

I think that is what is important here. The crap about what Steve Jobs might say was put there just to get clicks.


RE: definition of news
By chagrinnin on 6/6/2010 6:12:38 PM , Rating: 2
You used the word "inimportant" uncorrectly.


RE: definition of news
By afkrotch on 6/7/2010 10:22:26 PM , Rating: 2
inimportant is less important than unimportant.

:P


By vertigo1 on 6/5/2010 9:46:23 PM , Rating: 2
Okay, time out, let's think real carefully here!

This article is essentially saying oh no we've found a vulnerability in an Adobe Reader/Flash and so Steve Jobs is going to be effectively gloating at Adobe for it....

1. Jesus guys, be FAIR. If you wiped out flash tomorrow, and put all the sane functionality in a browser I am willing to bet that you will find as many if not MORE vulnerabilities in the BROWSER that will vary according to which browser and platform.

Just look at Safari's own fixlist for the latest version... http://support.apple.com/kb/HT4070

2. You are putting words "I told you so" words into Steve's mouth... the guy isn't a saint, but don't blatantly make it up...

Stop being rude. Peace.




By Targon on 6/6/2010 7:00:45 AM , Rating: 2
Jobs has a long history of bashing anything he can't control, so it isn't rude to suggest he will be making a public comment about this some time today.


By bug77 on 6/6/2010 9:20:21 AM , Rating: 2
quote:
1. Jesus guys, be FAIR. If you wiped out flash tomorrow, and put all the sane functionality in a browser I am willing to bet that you will find as many if not MORE vulnerabilities in the BROWSER that will vary according to which browser and platform.


You'd lose that bet.
1. One of the sources of these vulnerabilities is Adobe's persistence in using its own program stack. For speed considerations. But while modern OSes have layers of security around the program stack, Adobe's doesn't.
2. Even without #1, having an implementation for each platform makes each of them smaller targets to hit. On the other hand, Flash has a known vulnerability that will crash _any_ browser on _any_ OS. Apparently Adobe chose to hide it in their forums for "security reasons", but someone made a web page that shows the problem. Google it if you want proof.


Ubuntu
By bwave on 6/5/2010 9:56:30 PM , Rating: 2
How about making it run acceptably on linux? Under firefox it's sluggish, under opera is even worse.




RE: Ubuntu
By hughlle on 6/6/2010 5:24:06 AM , Rating: 2
Installed Ubuntu just yesterday to boot alongside 7 and I found no flash issues whatsoever. I found plenty of fun Linux issues to piss me off as expected, but not flash


RE: Ubuntu
By Luticus on 6/7/2010 11:10:15 AM , Rating: 2
I run opera + flash on my Debian install just fine... though I will admit that I only installed opera because flash wouldn't play nice with whatever version of Firefox I was using at the time.


Blog
By icanhascpu on 6/6/2010 8:14:45 PM , Rating: 2
Another shitty DT article hiding behind blog status.

DT is quickly becoming a joke.




RE: Blog
By kmmatney on 6/6/2010 10:30:46 PM , Rating: 3
I agree - and have been an Anandtech reader since 1999. I still will read it - I just won't respect it as much as I used to. They seem to put Apple or Jobs in every article (just to get clicks) even when it's not directly related. It would have been more useful for them to give more details on the problem, rather than all the Apple crap.


IT'S A CONSPIRACY
By AliShawkat on 6/5/2010 6:42:50 PM , Rating: 1
Steve Jobs hired these people to find the vulnerability! 0_0




RE: IT'S A CONSPIRACY
By bug77 on 6/6/2010 7:57:44 AM , Rating: 2
Neah, he already has men inside that put those vulnerabilities in :-D


Stories Like This...
By lukasbradley on 6/7/2010 9:07:27 AM , Rating: 3
...have led me to visit Daily Tech less and less and less....




security issues aside...
By muhahaaha on 6/8/2010 12:30:09 AM , Rating: 2
security issues aside (everything has them). Have you heard about the recent concerns with copy machines? This video is a real eye-opener:

http://www.flixxy.com/copy-machines-security-risk....

anyway, my point is that if iPad did flash, it would be just a big screened web-browser. But Apple wants it to be a "computer", so they couldn't allow that.

Why would you need the App Store if you could play flash games, view rich content, etc.

Nope, they just want to lock you in and sell you premium content, games, etc.

Apple has taken a fully functional web capable machine and bastardized it so they can pick and choose what you watch (and pick your pockets).

Steve Jobs is the 20th century PT Barnum.

And there are a lot of suckers out there.




RE: security issues aside...
By QueBert on 6/9/2010 5:10:37 AM , Rating: 1
I have 100 free applications on my iPod Touch. Apple made nothing off me for these as they were... free. Control? sure Steve wants that. But with so many FREE apps in the app store you can't possibly think his only motive is to sell us shit. If that was the case he's doing a PISS POOR job, because I honestly would have paid a buck or 2 for most of these 100 apps I got for FREE. As for them picking and choosing what I can install from the app store, I'm okay with that. I haven't had a single program crash my iPod Touch ever. On the flip my Motorola Q (WinMo 6) had to be hard reset because of apps I installed that had no testing/screening process.


unlikely
By SunAngel on 6/5/2010 6:42:12 PM , Rating: 2
quote:
likely giving the Apple CEO fodder for his WWDC keynote which is coming up on Monday.


other than answering the same question for the one millionth time ...'when are you going to embrace flash?', the name adobe won't be mentioned during the keynote.




I'm curious
By bug77 on 6/6/2010 7:24:47 AM , Rating: 2
I'd like to see the count of critical vulnerabilities found in Flash or Reader versus something like Windows or Firefox. But I don't know where I could get those numbers from.




.....and?
By spathotan on 6/5/2010 10:48:20 PM , Rating: 1
This comes as a surprise to this site? Big and popular things are always targets. Banks are robbed because they have a lot of money, WoW always gets shit on and bashed because it's the biggest MMO on the market. Windows systems get viruses and are attacked because they are the vast, vast.....vast, vast majority of computer users. Flash player is no different. Contrary to Apple's beliefs, not a damn person is using HTML5.




Apple Did It...
By cditty on 6/6/2010 12:50:47 AM , Rating: 1
I so wouldn't be surprised if Apple played a part in this exploit becoming public...

Don't mess with Apple, Adobe... :)



