Flash Gets Nailed with Major Exploit as Xoom Gets Functionality - The UpStream


posted Sunday Mar 20, 2011 by Nicholas DiMeo


At a time when the Motorola Xoom would finally be getting Flash functionality, Adobe has released a security advisory about a major flaw discovered in its Flash Player. The flaw affects Flash Player for Windows, Mac OS X, Linux, Solaris and Android, as well as the authplay.dll file found in Acrobat and Reader X.

This flaw could potentially crash an affected computer or let an attacker take control of the system. Adobe has reported that the exploit is being used all over the world at this time in SWF Flash files and in Excel spreadsheets with Flash attached. So far, Acrobat and Reader X have not been affected, and Adobe reports that using Protected Mode in Reader X would stop the exploit from loading.


As of now, Adobe is working hard on a fix for the exploit, and an update for Flash Player, Acrobat and Reader will be released within the next week. Because of the Protected Mode in Reader X, however, Adobe will not update that software until its next scheduled update cycle.

"We considered providing an out-of-cycle update for Adobe Reader X as well, which would have delayed the current patch release schedule by about another week. However, given the mitigation provided by the Adobe Reader X sandbox and the absence of attacks via PDF, we determined that an out-of-cycle update would incur unnecessary churn and patch management overhead on our users not justified by the associated risk, in particular for customers with large managed environments."

This is simply adding more fuel to the fire for Apple, which has been against adding Flash to its iPhones and iPads. However, exploits can easily be found in even the simplest of apps found in its App Store or even through text messaging.

As with any program or website, there will always be malicious code that will attempt to be installed, and there will always be exploits and vulnerabilities to discover, encounter and then fix. This is just part of the routine cycle. Either that, or everyone should switch to the new IE9 (with incentives) and experience a more beautiful web, complete with native HTML5 and H.264 support.

