Wise men make proverbs but fools repeat them
|
|
|
Adobe gets more zero day exploit mayhem
SOFTWARE OUTFIT Adobe's Flash Player has been hit with a critical zero day attack.
Adobe and the term 'zero day' go together like salt and pepper. The company has been forced to issue yet another security advisory about exploits in Flash - the second time in a week.
This time around Adobe said the exploits were spotted in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android.
"This vulnerability also affects Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh," the warning advised.
"This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date."
If Adobe knows exactly what the exploits are it is keeping strictly mum on this one. The company hasn't released any technical details on the critical holes in Flash Player.
Despite that, Adobe is planning to sort out a patch for the vulnerabilities by the 27 September for Windows, Macintosh, Linux, Solaris and Android. The company also said it will offer updates for Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 for Windows and Macintosh. But you'll have to wait until 4 October before those come out. µ
Share this:
Share
HTML5 will certainly show its own flaws and maybe we get some new back orifices to worry about, but at least our Internet safety wouldn't be at the hands of one single company.
Specially one greedy, stubborn and monopolistic as Apple. I mean, Microsoft. I mean, Adobe.
Of course you can always refuse to install proprietary plug-ins and complain to the websites that require them.
HTML5 is a standard, not a product.
"If Adobe knows exactly what the exploits are it is keeping strictly mum on this one."
Er, yes. They're certainly not going to tell YOU.
"If Adobe knows exactly what the exploits are it is keeping strictly mum on this one."
Er, yes. They're certainly not going to tell YOU.
If we had hundreds of operating systems in use, each with dozens of web browser choices, then exploits would become much less effective. Of course, protection against exploits would also be less effective.
A show of hands: who thinks HTML (even HTML5) is intrinsically safe?
No wonder Steve Jobs wants to, or has ridden himself and his products from this appalling piece of software. It seems to have gone down hill since leaving the venerable Macromedia stable. It's about time Adobe called time on it to. Time for a stable, secure alternative.