Adobe muzzles TWO zero-day wild things with emergency Flash patches Adobe published a critical Flash Player update on Thursday that fixes not just one but two zero-day flaws, both under active attack by hackers. Both Windows and Mac users are in the firing line. One of the vulnerabilities (CVE-2013-0633) is being harnessed in targeted attacks designed to trick marks into opening a Microsoft …
Just as a small sample picking on one linux OS, please feel free to browse the almost daily updates on the latest Ubuntu release (goes back 40 pages at the time of writing, just on the current release)...
http://www.ubuntu.com/usn
Note the words, "security", "vulnerability", "attack" amongst others (slightly worrying so many are related to the kernel!)
I'm not advocating one over the other. I use Windows, I use Linux, I use all kinds of systems. They all (hopefully) have security patches for inevitable vulnerabilities and fairly normal, especially with the rapid software release practice these days.
Most kernel vulnerabilities require local access....
This is the main difference between Windows and Linux critical vulnerabilities.
Windows you just have to be plugged into the net to be owned - most Linux kernel vulns require physical access or even a non root account in the first place.
Hmmm...
For the last few days the hardware Flash acceleration in Chrome seems broken - high CPU load and jerky video... just like it was for a short while six months back. IE seems fine- if it sees the video at all.
Personally, I wouldn't be upset if Flash died by the wayside. It doesn't appear to be designed for the user's benefit. I hope all obstacles to wider adoption of alternatives can be smoothed over.
"to trick marks into opening a Microsoft Word document email attachment that contains malicious Flash (SWF) content."
As long as this insanity continues in the corporate world and M$FT, there is no hope for any real security. Why on earth do they need a movie inside a text document ???
>Why on earth do they need a movie inside a text document ???
The whole idea is that a document doesn't need to know what kind of content is embedded in it- just to who to call to open it. This embedded document could be a spreadsheet, an image or a video- the host document doesn't know or care. This is an old concept.
That's the idea- obviously things don't always go smoothly when translated into practice.
Maybe your question should be- "how can any content inside a document be allowed to be damaging to the system"? but the line gets a bit fuzzy.... like the Sorcerer's Apprentice, powerful tools can be dangerous.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
