backtop


Print 66 comment(s) - last by QueBert.. on Jun 9 at 5:10 AM

Exploit attacks Flash Player 9 and 10 as well as Reader/Acrobat 9.x

Steve Jobs has been on a crusade against Adobe Flash for quite sometime citing issues with performance, stability, and security. Today, Adobe is fueling Jobs' concerns and likely giving the Apple CEO fodder for his WWDC keynote which is coming up on Monday.

According to Adobe, there is a critical vulnerability in versions of Flash Player (Windows, OS X, Linux, Solaris) and Reader/Acrobat 9.x (Windows, OS X, UNIX). The exploit allow a hacker to gain control over an affected system.

Even more troubling is that Adobe says that it currently doesn't have a fix and "there are reports that this vulnerability is being actively exploited in the wild."

Adobe says that the following versions of its products are affected:

  • Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions
  • Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions

It should be noted however, that the current Release Candidate version of Flash Player 10.1 "does not appear to be vulnerable" to this exploit and Adobe Reader/Acrobat 8.x are also safe.

You can view Adobe's full advisory on the exploit here which also details steps to minimize the impact of the exploit with Reader/Acrobat 9.x.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

By Alexstarfire on 6/7/2010 1:29:30 AM , Rating: 1
People might have left Microsoft in the millions, but that sounds a lot better than it really is. Microsoft has BILLIONS of users, you're talking less than 1% of the market leaving. That's not much.

Well, I think it's assumed that he was talking about Macs rather than phones. Phones basically don't get exploited when compared to desktop/laptop computers. It's not that they can't, it's just that they don't. And as for Flash crashing your browser.... how about you get a browser that doesn't suck then. Flash hasn't crashed my browser since IE6... and IDK if you can even say it's Adobe's fault with that browser.

Not sure if flash will ever be low power for phones. They'd have to find a way to take advantage of the GPU in phones which is basically non-existent. Running it off of CPU is like video encoding using only CPU power. You can do it, but it's not that efficient. That said, most of what would suck up power is running the flash ads. People think if Flash dies the ads are going die. That's hardly going to happen, they'll just use some other method. If HTML5 takes over they'll just be HTML5 ads.


By Tony Swash on 6/7/2010 6:02:31 AM , Rating: 2
quote:
Well, I think it's assumed that he was talking about Macs rather than phones. Phones basically don't get exploited when compared to desktop/laptop computers. It's not that they can't, it's just that they don't. And as for Flash crashing your browser.... how about you get a browser that doesn't suck then. Flash hasn't crashed my browser since IE6... and IDK if you can even say it's Adobe's fault with that browser.


The reason I argued as I did was because Apple's position on Flash is different to other vendors in really only two areas:

a) It has not allowed flash on its mobile platforms (iPad, iPhone). Hence my references to the market profile of Apple in those sectors.

b) It has blocked the development of cross platform apps using the flash development environment (actually its blocked all third party intermediary layers in app development but it's Adobe that have complained the loudest). As I explained Apple have had many experiences during its long history in the business of the acute problems associated with allowing third parties to control App development for their platform. There are many issues but to simplify - if developers use a third party system to create cross platform apps then a number of bad things happen (from Apple's point of view) amongst which are they fact that any attempt by Apple to differentiate their platform through OS and software features would be negated (surely a likely logical consequence of anything being cross platform) and secondly as and when Apple introduces new OS features the owners and maintainers of third party developer intermediary systems would control (and could delay) their actual use in App development. From Apple's point of view there is nothing to be gained and a lot to lose from allowing cross platform development via intermediary development systems such as flash.

Generally those who most support cross platform development are those whose platforms are a minority in the market place and therefore offer a less attractive market for app developers. In this case that would be Android. A new survey of U.S. smartphone owners (by Nielsen) found that 28 percent use a device running the iPhone OS, compared with just 9 percent on Google's Android mobile operating system.

As flash runs on macs Apple's position on flash it is surely a non-issue in the desktop market.

Your comments about the stability of flash on your PC is moot - Macs users would much rather run macs without flash than windows with flash (in fact most mac users would prefer bowel surgery without anaesthetic than use a windows machine but that's another story).


By Luticus on 6/7/2010 10:57:38 AM , Rating: 2
quote:
in fact most mac users would prefer bowel surgery without anaesthetic than use a windows machine but that's another story


Is that another way of saying Mac users are gay?? >;)~

Generally i don't have a problem with flash... though after i read up on this new problem with it i may be avoiding it for a while till it's resolved. personally i don't understand what the big deal is, why block flash. if your users don't like it they could just "not install it"... there's an idea!

Oh and, for the record... I'll take my Windows 7... or Linux... or Unix PC... or well anything really, over a Mac any day.


"It looks like the iPhone 4 might be their Vista, and I'm okay with that." -- Microsoft COO Kevin Turner

Related Articles













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki