Discussion in 'Article Discussion' started by CardJoe, 7 Jun 2010.
That's exactly the problem with PlugIns...
...they add security-risks.
This article suffers from a classic case of putting two and two together to make five.
The problem is to do with Acrobat incorrectly handling embedded SWF files. It's not a vulnerability in either Flash or Shockwave so-to-speak, merely in the way that Adobe has handled it in Adobe Reader.
As the guy from Sophos said, why would I ever want to open an SWF file in a PDF file? Sure, it could be useful for a few people in select situations, but until five minutes ago I never even knew it could be done! Adobe deserves to be criticized, but saying it's a reason not to use Flash is like saying that you shouldn't use the web because every browser has security holes and you could be hacked through one of them.
In terms of whether Steve Jobs could be right, the fact that Apple products are consistently shown to be insecure would make any justification based on security seem to be hypocritical.
For iPhone, I'm talking about sending an sms to crash the phone, sending an sms to take control of the phone, using a web page to view someone's sms', etc.
For Macs, I'm talking about using links that can take control of the system, emails that can take control of the system, etc.
At least Adobe knows that it needs to cut down on these embarrassing security problems. Apple has the benefits of security by obscurity, so it's security is never tested as much. Which never seems to stop hackers getting through Safari in less than ten minutes. Flash is installed on 99% of computers, according to Millward Brown, which makes it even more open to attack than Windows. It's unsurprising that security problems are found frequently, almost every system has vulnerabilities and bugs, and most of them are fixed by simply not running under an admin account.
Sounds like you're struggling a bit with the mathematics yourself, there: the flaw exists in both Adobe Reader *and* Flash Player.
To quote Adobe: "A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems." (my emphasis)
Adobe, you're really not helping your case with Apple here.
Ah yes, but the vulnerability is only found when you are using Acrobat, it can only be exploited when Flash files are embedded in a PDF file. That's what I meant by 'so-to-speak', there is a vulnerability in Flash but it's dependent on other more important conditions before it can be properly exploited, it's entirely to do with the integration of Flash and Acrobat and the way that Acrobat handles Flash files. From what Adobe have said, there seems to be absolutely no problem with Flash applets in any web browser (with this specific exploit, anyway).
And that's why i don't use adobe reader. Unfortunately as a hige chuck of the internet uses flash i'm kinda stuck with it.
Jobs : Kekekekekeke
Separate names with a comma.