Feeds

back to article Adobe muzzles TWO zero-day wild things with emergency Flash patches

Adobe published a critical Flash Player update on Thursday that fixes not just one but two zero-day flaws, both under active attack by hackers. Both Windows and Mac users are in the firing line. One of the vulnerabilities (CVE-2013-0633) is being harnessed in targeted attacks designed to trick marks into opening a Microsoft Word …

COMMENTS

This topic is closed for new posts.
Happy

Wasted 2 days!

I've just package and deployed v146 to the companies estate to fix the last "critical flaws". Oh well, keeps me busy!

1
0
Silver badge
Headmaster

"Critical block for active Win and MAC attacks"

You did that deliberately, didn't you?

1
0
Silver badge

Re: "Critical block for active Win and MAC attacks"

Mac = a brand of personal computer

MAC = Media Access Control [address]

Careful with that CapsLock, Eugene!

1
0
Anonymous Coward

Surprise

Why is it that when we see the word "exploit" or the phrase "security problems/issues", the article is always about Microsoft.

People need to give themselves a shake and stop using MS products!

2
5
Silver badge

Re: Surprise

Go away Eadon.

2
1
Silver badge
Trollface

Re: Surprise

TROLL

Except the article isn't about Microsoft, its about Adobe Flash, and the only reason Linux isn't affected is because no malicious attacker is going to waste their time writing an attack that targets the 15 sandal wearers who use Linux.

See, I can be as big a troll as you!

2
2
Bod

Re: Surprise

Just as a small sample picking on one linux OS, please feel free to browse the almost daily updates on the latest Ubuntu release (goes back 40 pages at the time of writing, just on the current release)...

http://www.ubuntu.com/usn

Note the words, "security", "vulnerability", "attack" amongst others (slightly worrying so many are related to the kernel!)

I'm not advocating one over the other. I use Windows, I use Linux, I use all kinds of systems. They all (hopefully) have security patches for inevitable vulnerabilities and fairly normal, especially with the rapid software release practice these days.

0
1
Linux

Re: Surprise

Most kernel vulnerabilities require local access....

This is the main difference between Windows and Linux critical vulnerabilities.

Windows you just have to be plugged into the net to be owned - most Linux kernel vulns require physical access or even a non root account in the first place.

1
0
Anonymous Coward

Deployment woes...

Or you can distribute is using System Centre essential and SCUP catalogs [SIC]

0
0
Anonymous Coward

Hmmm...

For the last few days the hardware Flash acceleration in Chrome seems broken - high CPU load and jerky video... just like it was for a short while six months back. IE seems fine- if it sees the video at all.

Personally, I wouldn't be upset if Flash died by the wayside. It doesn't appear to be designed for the user's benefit. I hope all obstacles to wider adoption of alternatives can be smoothed over.

0
0
Flame

What The Holy FUCK ???

"to trick marks into opening a Microsoft Word document email attachment that contains malicious Flash (SWF) content."

As long as this insanity continues in the corporate world and M$FT, there is no hope for any real security. Why on earth do they need a movie inside a text document ???

3
0
Silver badge

Re: What The Holy FUCK ???

>Why on earth do they need a movie inside a text document ???

The whole idea is that a document doesn't need to know what kind of content is embedded in it- just to who to call to open it. This embedded document could be a spreadsheet, an image or a video- the host document doesn't know or care. This is an old concept.

That's the idea- obviously things don't always go smoothly when translated into practice.

Maybe your question should be- "how can any content inside a document be allowed to be damaging to the system"? but the line gets a bit fuzzy.... like the Sorcerer's Apprentice, powerful tools can be dangerous.

3
0
Anonymous Coward

Zero-day emergency Flash patches?

"In both cases the booby-trapped Word .doc files contain an embedded flash file with no compression or obfuscation."

What are the effects of using LibreOffice and flash version 11.2.202.262 on Ubuntu ...

0
0
This topic is closed for new posts.