Google patches Flash bug before Adobe

Google has already released an update for its Chrome browser that fixes a critical vulnerability in Adobe's Flash Player that's under attack. Users of the animation software on other browsers and operating systems will have to wait until next week for the same patch. Chrome was able to beat the rest of the pack thanks to ongoing …

COMMENTS

This topic is closed for new posts.

Here's a brilliant idea-

Don't open shady looking attachments from your E-mail inbox kids.

3
8

True

Your kind makes people set up a page with the Flash exploit, mask it with a URL shortener, put a link in some xxx-looking mail sent to your address and exploit your computer, saying "what did you say?" while erasing all data.

Must be glad I am not a black hat.

Flash vulnerability means, it can be run embedded from any web page to infect poor non techie users. Got it? They even put them in Ads!

3
0
Bronze badge
Grenade

Here's a brilliant idea for you

Read. Think. Don't post.

* Malware Installed by LiveJournal Ad

http://it.slashdot.org/story/06/06/24/1420251/Malware-Installed-by-LiveJournal-Ad

* Major Ad Networks Found Serving Malicious Ads

https://threatpost.com/en_us/blogs/major-ad-networks-found-serving-malicious-ads-121210

* Google Text Ads For Known Malware Sites

http://tech.slashdot.org/story/08/11/14/1352221/Google-Text-Ads-For-Known-Malware-Sites

* Hackers Use Banner Ads on Major Sites to Hijack Your PC

http://www.wired.com/techbiz/media/news/2007/11/doubleclick

* Malware Rising - Attacks Increasing Through Malicious Online Advertising

http://www.securityweek.com/malware-rising-attacks-increasing-through-malicious-online-advertising

etc.

2
0
Silver badge

Actually, his solution would solve the problem.

Mail admins where I worked always tried to train users to save attachments to disk before opening them. This gives the AV software a chance to scan the file before it is opened. As an Outlook shop, it also solves the problem of maroons opening the attached document, editing the crap out of it, saving it, but not as a new file, and then losing all of their changes when they DIDN'T save the email from which they edited the document.

As for your Black Hat alternative, that wouldn't hit me either. I don't open dodgy emails for XXX pics either. So you need a REAL drive-by exploit to nail me. On Windows there are plenty of them out there and I've been nailed by some. Worst one was from an MSN banner ad because I forgot to change the default page to Google before starting IE6 to run MS updates to patch the newly built XP SP3 system. On the upside, since it was brand-spanking new, there was no data loss and the decision to delete partitions and start fresh was easy.

0
0
WTF?

WTF really

1 week extra left vulnerable to test the other combinations? Who are they kidding?

Is this Google's new strategy, get people to use their browser by sneakingly convincing the buggiest plugin in history to delay security patches for other platforms?

1
4
FAIL

Fix?

"Google patches Flash bug before Adobe"

"Google has already released an update for its Chrome browser that fixes a critical vulnerability in Adobe's Flash Player that's under attack".

--->

I think you mean "does a work around"... not "fixes" or patches Flash - unless you are saying that Adobe is hacking or forking Adobe's very own source code?

0
9
Anonymous Coward

If you read the article

it says Google had access to a pre-release version of that-particular-bug-fixed Flash

0
0
Anonymous Coward

I dunno

maybe the content of the article makes that a bit clearer. If only I had time to read it...

1
0
G2
FAIL

reading comprehension fail

reading comprehension fail, google chrome really uses a patched flash plugin, not a work-around.

http://www.adobe.com/software/flash/about/

in firefox: You have version 10,2,152,32 installed

in chrome: You have version 10,2,154,25 installed

The table below contains the latest Flash Player version information. Adobe recommends that all Flash Player users upgrade to the most recent version of the player through the Player Download Center to take advantage of security updates.

Platform Browser Player version

Windows Internet Explorer (and other browsers that support Internet Explorer ActiveX controls and plug-ins) 10.2.152.32

Windows Firefox, Mozilla, Netscape, Opera (and other plugin-based browsers) 10.2.152.32

0
0
FAIL

Trigger happy commenting....

No, they really do mean that the Chrome update includes a fixed version of Flash. Adobe aren't quite hacking or forking Adobe's code, but they do have access to newer versions than the rest of us. You might want to try reading *all* of the article next time (or at least the second paragraph!).

0
0
Silver badge
FAIL

counter-fail.

I thought I would go ahead and share the fine article with you:

"Chrome was able to beat the rest of the pack thanks to ongoing collaboration with Adobe that allows Google advanced access to updated builds of Flash, Adobe spokeswoman Wiebke Lips said. "

Let me try to use small words for you. Google gets a release of Flash from Adobe which has a fix but is not yet completely tested in all browsers by Adobe. Google, not needing to test in any browser but Chrome, is able to verify the patch faster than Adobe is, and therefore release sooner. It is an Adobe-written fix, not a fork.

0
0
Anonymous Coward

Wiebke Lips

is a brilliant name

1
0

This post has been deleted by its author

This post has been deleted by its author

Thumb Down

@Frank

Gnash is pretty much dead mate, at best they're flogging a dying horse [8 months since last update]......

If Google with scores of hard-ass developers and billions in the bank are partnering with Adobe on Chrome integration that must tell you something.

0
0
FAIL

Umm

"animation software" ? What is this, the Daily Mail ?

1
0
Paris Hilton

double take

Wiebke Lips.... where does this name come from? a german porn star actress?

1
0

so...

We must make sure newbies install Google spyware browser (with default settings) and lock themselves and private lives to Google not to be exploited by no-name spyware installed by flash vulnerability.

Funny part is, I haven't heard any spyware that "reads" user private mail and makes sure it is never actually deleted.

If both companies read this comment, here is why the entire planet hates you.

3
1

@ Fix?

No, it means that Adobe has already coded the patch for the flaw but will only release the patched version to Google for deployment because Google helped test it while every other browser platform still needs more testing before Adobe will release it for the others.

0
0
Silver badge

Google's already fixed Flash

HTML5 - YouTube will do VP8 rather than Flash. Wait a while...

Sorted.

0
0
Silver badge
FAIL

RTFA

"ongoing collaboration with Adobe that allows Google advanced access to updated builds of Flash"

0
0
Gates Horns

Delivery mechanism

Why the hell is it possible to embed a Flash video in an Excel spreadsheet anyway? Because spreadsheets aren't exciting enough there has to be a way to animate those numbers?

^^ Oh no. That's why.

1
0
Silver badge

Does this imply...

...that Google pushed out the update with minimal testing?

0
0
Anonymous Coward

@Heyrick

No.

1
0
Stop

Uninstall Office ?

Why the hell do you need flash running in Excel it's just a bloody spreadsheet, I assume LibreOffice does not allow the same attack vector ?

Don't just blame Adobe on this one folks

2
1
Gold badge

Flash in Excel

Excel supports ActiveX controls, and I dare say there are thousands of legitimate uses for such extensibility. Flash is an ActiveX control. Ergo, Flash can run in Excel.

You might as well ask why computers are able to run Flash. It's all software. It's flexible. Get used to it or find another job.

0
1
Thumb Down

Pardon ?

Flexibility at the expense of security ?

I think you should get another job (assuming you are a MCSE) and by the way flash is not an activeX control on linux or OSX.

ActiveX is a botched security nightmare.

0
0
Silver badge
FAIL

Perfect example

Why the only version of Flash you should ever allow on your computer is the one that comes with the latest Chrome and even then you should always run Chrome with the --safe-plugins flag to make sure it's sandboxed. In general if you have any Adobe software (malware portals) on your system you are asking to join a botnet regardless of other safety precautions.

0
0
Happy

"They even put them in Ads!"

I had heard that.

I had also heard that reputable websites generally don't do (or serve) Flash adverts because (a) they have some respect for their readers (b) the prevalence of assorted Flash blockers and disablers means it's just so much wasted space for the website anyway.

Or was I dreaming or under the influence?

0
0

yet again ..

Adobe proves itself the Acquired Immunity Deficiency Syndrome of the internet.

Roll on HTML 5 when this company and its crappy vuln-ridden products will be obsolete.

1
0
Grenade

Vendors not fixing code

I had a similar issue with CA about 20 years ago. I needed to be able to run one of CA's products in a certain way and could not because they hadn't updated their software.

It was at the time one of the few CA products that still shipped with source. I asked CA and they said in the best case 4-6 months. I was on deadline and couldn't wait for them so I went in and patched CA code to allow running their product (it was *LEGAL*). It took me say 3 days and the code was in one specific area so that made it extra easy. I tested it over the weekend and it worked. So I called CA Monday AM and told them I figured out the fix (they were getting a lot of pressure from other users). I told them to go to hell. It works and if you want to pay me I will have to have a contract made up. They figured I would give it to them for free, HAHA!!

1
1