1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Adobe warns of Flash, Acrobat attack

Discussion in 'Article Discussion' started by CardJoe, 7 Jun 2010.

  1. CardJoe

    CardJoe Freelance Journalist

    Joined:
    3 Apr 2007
    Posts:
    11,346
    Likes Received:
    316
  2. jrs77

    jrs77 Modder

    Joined:
    17 Feb 2006
    Posts:
    3,483
    Likes Received:
    103
    That's exactly the problem with PlugIns...

    ...they add security-risks.
     
  3. Bakes

    Bakes What's a Dremel?

    Joined:
    4 Jun 2010
    Posts:
    886
    Likes Received:
    17
    This article suffers from a classic case of putting two and two together to make five.

    The problem is to do with Acrobat incorrectly handling embedded SWF files. It's not a vulnerability in either Flash or Shockwave so-to-speak, merely in the way that Adobe has handled it in Adobe Reader.

    As the guy from Sophos said, why would I ever want to open an SWF file in a PDF file? Sure, it could be useful for a few people in select situations, but until five minutes ago I never even knew it could be done! Adobe deserves to be criticized, but saying it's a reason not to use Flash is like saying that you shouldn't use the web because every browser has security holes and you could be hacked through one of them.

    In terms of whether Steve Jobs could be right, the fact that Apple products are consistently shown to be insecure would make any justification based on security seem to be hypocritical.
    For iPhone, I'm talking about sending an sms to crash the phone, sending an sms to take control of the phone, using a web page to view someone's sms', etc.
    For Macs, I'm talking about using links that can take control of the system, emails that can take control of the system, etc.
    At least Adobe knows that it needs to cut down on these embarrassing security problems. Apple has the benefits of security by obscurity, so it's security is never tested as much. Which never seems to stop hackers getting through Safari in less than ten minutes. Flash is installed on 99% of computers, according to Millward Brown, which makes it even more open to attack than Windows. It's unsurprising that security problems are found frequently, almost every system has vulnerabilities and bugs, and most of them are fixed by simply not running under an admin account.
     
    Last edited: 7 Jun 2010
  4. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,085
    Likes Received:
    6,635
    Sounds like you're struggling a bit with the mathematics yourself, there: the flaw exists in both Adobe Reader *and* Flash Player.

    To quote Adobe: "A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems." (my emphasis)

    HTH.
     
  5. NuTech

    NuTech Minimodder

    Joined:
    18 Mar 2002
    Posts:
    2,222
    Likes Received:
    96
    Adobe, you're really not helping your case with Apple here. :(
     
  6. Bakes

    Bakes What's a Dremel?

    Joined:
    4 Jun 2010
    Posts:
    886
    Likes Received:
    17
    Ah yes, but the vulnerability is only found when you are using Acrobat, it can only be exploited when Flash files are embedded in a PDF file. That's what I meant by 'so-to-speak', there is a vulnerability in Flash but it's dependent on other more important conditions before it can be properly exploited, it's entirely to do with the integration of Flash and Acrobat and the way that Acrobat handles Flash files. From what Adobe have said, there seems to be absolutely no problem with Flash applets in any web browser (with this specific exploit, anyway).
     
  7. Showerhead

    Showerhead What's a Dremel?

    Joined:
    11 Jan 2010
    Posts:
    1,110
    Likes Received:
    33
    And that's why i don't use adobe reader. Unfortunately as a hige chuck of the internet uses flash i'm kinda stuck with it.
     
  8. rickysio

    rickysio N900 | HJE900

    Joined:
    6 Jun 2009
    Posts:
    964
    Likes Received:
    5
    Jobs : Kekekekekeke
     
Tags: Add Tags

Share This Page