bit-tech.net

7th Jun 2010, 11:42   #1
CardJoe
Freelance Journalist
bit-tech Staff
 
Join Date: Apr 2007
Posts: 11,339
Adobe warns of Flash, Acrobat attack

http://www.bit-tech.net/news/bits/20...robat-attack/1
__________________
----------------

I was Bit-tech's Games Editor. Now I'm freelance. Find me at:

www.joemartinwords.com

@joethreepwood on Twitter
7th Jun 2010, 12:06   #2
jrs77
theorycrafting
 
Join Date: Feb 2006
Location: Finland
Posts: 3,578
That's exactly the problem with PlugIns...

...they add security-risks.
__________________
...and always remember, that the world is an orange!

Stop using your smartphone as much and look up!
7th Jun 2010, 12:10   #3
Bakes
Hypermodder
 
Join Date: Jun 2010
Location: Oxford, UK
Posts: 886
This article suffers from a classic case of putting two and two together to make five.

The problem is to do with Acrobat incorrectly handling embedded SWF files. It's not a vulnerability in either Flash or Shockwave so-to-speak, merely in the way that Adobe has handled it in Adobe Reader.

As the guy from Sophos said, why would I ever want to open an SWF file in a PDF file? Sure, it could be useful for a few people in select situations, but until five minutes ago I never even knew it could be done! Adobe deserves to be criticized, but saying it's a reason not to use Flash is like saying that you shouldn't use the web because every browser has security holes and you could be hacked through one of them.

In terms of whether Steve Jobs could be right, the fact that Apple products are consistently shown to be insecure would make any justification based on security seem to be hypocritical.
For iPhone, I'm talking about sending an sms to crash the phone, sending an sms to take control of the phone, using a web page to view someone's sms', etc.
For Macs, I'm talking about using links that can take control of the system, emails that can take control of the system, etc.
At least Adobe knows that it needs to cut down on these embarrassing security problems. Apple has the benefits of security by obscurity, so its security is never tested as much. Which never seems to stop hackers getting through Safari in less than ten minutes. Flash is installed on 99% of computers, according to Millward Brown, which makes it even more open to attack than Windows. It's unsurprising that security problems are found frequently, almost every system has vulnerabilities and bugs, and most of them are fixed by simply not running under an admin account.

Last edited by Bakes; 7th Jun 2010 at 12:29.
7th Jun 2010, 12:40   #4
Gareth Halfacree
WIIGII!
bit-tech Staff
 
Join Date: Dec 2007
Location: Bradford, UK
Posts: 4,252
Quote:
Originally Posted by Bakes
This article suffers from a classic case of putting two and two together to make five.

The problem is to do with Acrobat incorrectly handling embedded SWF files. It's not a vulnerability in either Flash or Shockwave so-to-speak, merely in the way that Adobe has handled it in Adobe Reader.

Sounds like you're struggling a bit with the mathematics yourself, there: the flaw exists in both Adobe Reader *and* Flash Player.

To quote Adobe: "A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems." (my emphasis)

HTH.
__________________
Author, Raspberry Pi User Guide Third Edition, 21 Brilliant Projects for the Raspberry Pi and more | gareth.halfacree.co.uk | twitter | keybase.io
bit-tech news correspondent, Custom PC columnist, other things to other people
I'm a filthy freelancer! Hire me!
7th Jun 2010, 12:44   #5
NuTech
Mod Master
 
Join Date: Mar 2002
Location: London
Posts: 2,222
Adobe, you're really not helping your case with Apple here.
__________________
NuTech
7th Jun 2010, 13:18   #6
Bakes
Hypermodder
 
Join Date: Jun 2010
Location: Oxford, UK
Posts: 886
Quote:
Originally Posted by Gareth Halfacree
Quote:
Originally Posted by Bakes
This article suffers from a classic case of putting two and two together to make five.

The problem is to do with Acrobat incorrectly handling embedded SWF files. It's not a vulnerability in either Flash or Shockwave so-to-speak, merely in the way that Adobe has handled it in Adobe Reader.
Sounds like you're struggling a bit with the mathematics yourself, there: the flaw exists in both Adobe Reader *and* Flash Player.

To quote Adobe: "A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems." (my emphasis)

HTH.

Ah yes, but the vulnerability is only found when you are using Acrobat, it can only be exploited when Flash files are embedded in a PDF file. That's what I meant by 'so-to-speak', there is a vulnerability in Flash but it's dependent on other more important conditions before it can be properly exploited, it's entirely to do with the integration of Flash and Acrobat and the way that Acrobat handles Flash files. From what Adobe have said, there seems to be absolutely no problem with Flash applets in any web browser (with this specific exploit, anyway).
7th Jun 2010, 14:23   #7
Showerhead
Ultramodder
 
Join Date: Jan 2010
Location: Aberdeen, Scotland
Posts: 1,110
And that's why I don't use Adobe Reader. Unfortunately, as a huge chunk of the internet uses Flash, I'm kinda stuck with it.
7th Jun 2010, 14:29   #8
rickysio
N900 | HJE900
 
Join Date: Jun 2009
Posts: 964
Jobs : Kekekekekeke
All times are GMT +1.