Adobe published a critical Flash Player update on Thursday that fixes not just one but two zero-day flaws, both under active attack by hackers. Both Windows and Mac users are in the firing line. One of the vulnerabilities (CVE-2013-0633) is being harnessed in targeted attacks designed to trick marks into opening a Microsoft Word …
Wasted 2 days!
I've just package and deployed v146 to the companies estate to fix the last "critical flaws". Oh well, keeps me busy!
"Critical block for active Win and MAC attacks"
You did that deliberately, didn't you?
Re: "Critical block for active Win and MAC attacks"
Mac = a brand of personal computer
MAC = Media Access Control [address]
Careful with that CapsLock, Eugene!
Why is it that when we see the word "exploit" or the phrase "security problems/issues", the article is always about Microsoft.
People need to give themselves a shake and stop using MS products!
Go away Eadon.
Except the article isn't about Microsoft, its about Adobe Flash, and the only reason Linux isn't affected is because no malicious attacker is going to waste their time writing an attack that targets the 15 sandal wearers who use Linux.
See, I can be as big a troll as you!
Just as a small sample picking on one linux OS, please feel free to browse the almost daily updates on the latest Ubuntu release (goes back 40 pages at the time of writing, just on the current release)...
Note the words, "security", "vulnerability", "attack" amongst others (slightly worrying so many are related to the kernel!)
I'm not advocating one over the other. I use Windows, I use Linux, I use all kinds of systems. They all (hopefully) have security patches for inevitable vulnerabilities and fairly normal, especially with the rapid software release practice these days.
Most kernel vulnerabilities require local access....
This is the main difference between Windows and Linux critical vulnerabilities.
Windows you just have to be plugged into the net to be owned - most Linux kernel vulns require physical access or even a non root account in the first place.
Or you can distribute is using System Centre essential and SCUP catalogs [SIC]
For the last few days the hardware Flash acceleration in Chrome seems broken - high CPU load and jerky video... just like it was for a short while six months back. IE seems fine- if it sees the video at all.
Personally, I wouldn't be upset if Flash died by the wayside. It doesn't appear to be designed for the user's benefit. I hope all obstacles to wider adoption of alternatives can be smoothed over.
What The Holy FUCK ???
"to trick marks into opening a Microsoft Word document email attachment that contains malicious Flash (SWF) content."
As long as this insanity continues in the corporate world and M$FT, there is no hope for any real security. Why on earth do they need a movie inside a text document ???
Re: What The Holy FUCK ???
>Why on earth do they need a movie inside a text document ???
The whole idea is that a document doesn't need to know what kind of content is embedded in it- just to who to call to open it. This embedded document could be a spreadsheet, an image or a video- the host document doesn't know or care. This is an old concept.
That's the idea- obviously things don't always go smoothly when translated into practice.
Maybe your question should be- "how can any content inside a document be allowed to be damaging to the system"? but the line gets a bit fuzzy.... like the Sorcerer's Apprentice, powerful tools can be dangerous.
Zero-day emergency Flash patches?
"In both cases the booby-trapped Word .doc files contain an embedded flash file with no compression or obfuscation."
What are the effects of using LibreOffice and flash version 22.214.171.1242 on Ubuntu ...