backtop


Print 66 comment(s) - last by QueBert.. on Jun 9 at 5:10 AM

Exploit attacks Flash Player 9 and 10 as well as Reader/Acrobat 9.x

Steve Jobs has been on a crusade against Adobe Flash for quite sometime citing issues with performance, stability, and security. Today, Adobe is fueling Jobs' concerns and likely giving the Apple CEO fodder for his WWDC keynote which is coming up on Monday.

According to Adobe, there is a critical vulnerability in versions of Flash Player (Windows, OS X, Linux, Solaris) and Reader/Acrobat 9.x (Windows, OS X, UNIX). The exploit allow a hacker to gain control over an affected system.

Even more troubling is that Adobe says that it currently doesn't have a fix and "there are reports that this vulnerability is being actively exploited in the wild."

Adobe says that the following versions of its products are affected:

  • Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions
  • Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions

It should be noted however, that the current Release Candidate version of Flash Player 10.1 "does not appear to be vulnerable" to this exploit and Adobe Reader/Acrobat 8.x are also safe.

You can view Adobe's full advisory on the exploit here which also details steps to minimize the impact of the exploit with Reader/Acrobat 9.x.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

By Tony Swash on 6/6/2010 8:37:02 AM , Rating: -1
Oh dear - so may wrong things in one post - where to begin?

quote:
Secondly, he has a financial stake in HTML5 taking off over Flash. He owns stock in the company that owns the patent for the codec. So that's a no brainer. Again, he wants to control ALL content on his devices. You will use what he wants you to use, when he wants it. And make a boatload of money in the process.


Apple has no financial stake in HTML - nobody does. I think you mean that Apple has a financial stake in the video codec H264 which Apple favours for use via HTML over Flash. There are over 1000 patents in the H.264 patent pool, and something like 26 companies behind those patents. Apple has exactly 1 patent in that pool, Microsoft has 65. The H264 license costs Apple money.

It should be also pointed out that the only people with a financial stake in Flash are Adobe - hence their squeals.

Its interesting and a bit odd that a story about another serious security hole in Flash is spun so heavily both in the main story and in many comments to focus on Apple.

quote:
Also the idea that you dump an entire platform because of a vulnerability is ludicrous.


There have been many security problems with Flash and this is just the latest. Given that Adobe haven't even released a version of flash that can fully run on a phone and that their demos of the beta version of mobile flash has been so buggy why would anybody with any sense commit to adopting it? As I have said before, Steve Job's would be very happy to see the iPhone competitors quickly adopt flash as it will de-optimize their devices.

quote:
Windows had it's share of backdoors in the past as well, did everyone abandon ship?


Yes they did - in their millions. People are sick and tired of the scary Windows track record and want an alternative. Even if Microsoft comes out with a more secure OS their brand is now probably irreversibly tarnished.

quote:
Job's doesn't understand this because he's had the luxury of operating in his nice tiny little niche, where he can control every little aspect of his products. Adobe doesn't have this luxury, most industry standards don't. When you have to cater to a massive multi-platform industry, things like this happen and happen often.


I think you will find that Apple - in the realm of the mobile device which is surely the link here - is far from a niche player. You probably are referring to Apples small market share in the desktop arena (cannily concentrated in the most profitably and prestigious top end of that market) and here Macs run flash. The result? Shitty performance and browser crashes. I, like many other, have installed software to block flash on my desktop and selectively turn it on for particular sites.

quote:
He's going to have to suck it up. Blocking Adobe products might not be anti-competitive or illegal, but blocking them so a standard that he has a vested financial interest in becoming a monopoly, sure as hell is.


Apple will adopt flash on it's mobile devices when Adobe releases a version that runs well (stable, low power etc) and if the market says it wants it. Currently, given how many iPhones and iPads Apple are selling, the market is not that bothered.

Apple will never allow third party control of App development on Apple platforms - for good reasons. Not least because they have been so badly burned in the past by doing just that - see for example:

http://www.folklore.org/StoryView.py?project=Macin...

The idea that Apple is some sort of a monopoly is just daft - you have to control a market or a product category to be a monopoly and Apple doesn't. If they controlled 90%+ of the smart phone market or come to control 90%+ of the tablet market (which they might) then they would be a monopoly. Even then you would have to prove that Apple used their monopoly to block competitors and Apple are not stopping any of their competitors from using flash.


By Alexstarfire on 6/7/2010 1:29:30 AM , Rating: 1
People might have left Microsoft in the millions, but that sounds a lot better than it really is. Microsoft has BILLIONS of users, you're talking less than 1% of the market leaving. That's not much.

Well, I think it's assumed that he was talking about Macs rather than phones. Phones basically don't get exploited when compared to desktop/laptop computers. It's not that they can't, it's just that they don't. And as for Flash crashing your browser.... how about you get a browser that doesn't suck then. Flash hasn't crashed my browser since IE6... and IDK if you can even say it's Adobe's fault with that browser.

Not sure if flash will ever be low power for phones. They'd have to find a way to take advantage of the GPU in phones which is basically non-existent. Running it off of CPU is like video encoding using only CPU power. You can do it, but it's not that efficient. That said, most of what would suck up power is running the flash ads. People think if Flash dies the ads are going die. That's hardly going to happen, they'll just use some other method. If HTML5 takes over they'll just be HTML5 ads.


By Tony Swash on 6/7/2010 6:02:31 AM , Rating: 2
quote:
Well, I think it's assumed that he was talking about Macs rather than phones. Phones basically don't get exploited when compared to desktop/laptop computers. It's not that they can't, it's just that they don't. And as for Flash crashing your browser.... how about you get a browser that doesn't suck then. Flash hasn't crashed my browser since IE6... and IDK if you can even say it's Adobe's fault with that browser.


The reason I argued as I did was because Apple's position on Flash is different to other vendors in really only two areas:

a) It has not allowed flash on its mobile platforms (iPad, iPhone). Hence my references to the market profile of Apple in those sectors.

b) It has blocked the development of cross platform apps using the flash development environment (actually its blocked all third party intermediary layers in app development but it's Adobe that have complained the loudest). As I explained Apple have had many experiences during its long history in the business of the acute problems associated with allowing third parties to control App development for their platform. There are many issues but to simplify - if developers use a third party system to create cross platform apps then a number of bad things happen (from Apple's point of view) amongst which are they fact that any attempt by Apple to differentiate their platform through OS and software features would be negated (surely a likely logical consequence of anything being cross platform) and secondly as and when Apple introduces new OS features the owners and maintainers of third party developer intermediary systems would control (and could delay) their actual use in App development. From Apple's point of view there is nothing to be gained and a lot to lose from allowing cross platform development via intermediary development systems such as flash.

Generally those who most support cross platform development are those whose platforms are a minority in the market place and therefore offer a less attractive market for app developers. In this case that would be Android. A new survey of U.S. smartphone owners (by Nielsen) found that 28 percent use a device running the iPhone OS, compared with just 9 percent on Google's Android mobile operating system.

As flash runs on macs Apple's position on flash it is surely a non-issue in the desktop market.

Your comments about the stability of flash on your PC is moot - Macs users would much rather run macs without flash than windows with flash (in fact most mac users would prefer bowel surgery without anaesthetic than use a windows machine but that's another story).


By Luticus on 6/7/2010 10:57:38 AM , Rating: 2
quote:
in fact most mac users would prefer bowel surgery without anaesthetic than use a windows machine but that's another story


Is that another way of saying Mac users are gay?? >;)~

Generally i don't have a problem with flash... though after i read up on this new problem with it i may be avoiding it for a while till it's resolved. personally i don't understand what the big deal is, why block flash. if your users don't like it they could just "not install it"... there's an idea!

Oh and, for the record... I'll take my Windows 7... or Linux... or Unix PC... or well anything really, over a Mac any day.


"DailyTech is the best kept secret on the Internet." -- Larry Barber

Related Articles













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki