This week in computer security
 

There's a new Flash Player out. The last one got some nasty security faults so upgrading is highly recommended.

Link: Adobe Flash Player 10.1.102.64

Thanks for the info. :)

How many times i hear the news of the Flash Player has serious security issue?. I think someone should get fired for that.

I agree with Apple and find Flash a PITA. It's always breaking and needing updates. Maybe someone can explain why it's so unstable….

That's why it's "This week in computer security". Stay tuned for more. :)

Because Flash is written in a system programming language where it's possible for software developers to make lots of mistakes. It's virtually impossible to guarantee the absence of these kinds of security errors. The same problems apply to Apple too.

What language are you referring to?

It's most of the times a combination of C, C++, and assembler (machine language) code. The problem with these languages is that instructions and the information they handle are equal as far as your actual machine is concerned. It's just a series of 0's and 1's. If one set of instructions handle some information incorrectly, the information can become instructions and hijack the process.

Most programs are written in those languages. There's no excuse that Flash should be more buggy than others written in the same languages.

Here's a 2010 listing that ranks by number of severe vulnerabilites in common software (link):
1. Google Chrome (76)
2. Apple Safari (60)
3. Microsoft Office (57)
4. Adobe Reader og Acrobat (54)
5. Mozilla Firefox (51)
6. Sun Java Development Kit (36)
7. Adobe Shockwave Player (35)
8. Microsoft Internet Explorer (32)
9. RealNetworks RealPlayer (14)
10. Apple WebKit (9)
11. Adobe Flash Player (8)
12. Apple QuickTime (6) og Opera (6)

Yet, there's updates to flash nearly every month, and sometimes more often. AND it crashes and causes slowdown regularly… Clearly the Flash problems are not just about server vulnerabilities.

I think he meant "severe vulnerabilities".

Yes, I interpreted that as security vulnerabilities. I was writing about crashes and slowdowns (i.e. reliability, and performance) rather than security issues.

OK. Since you wrote "server vulnerabilities" I though you misunderstood what he meant by "sever vulnerabilities" (assuming that he really meant to write "severe…").

Not important.

LOL! Yes , I think I compounded one typo with another… aiiiii….

That was a typo by me.

In defence of Flash, it's installed and running on pratically every computer in the world connected to the internet. It's interacting with video, graphics and sound. In addition it must validate and run "untrusted" virtual machine instructions from any website delivering Flash content to your webbrowser. It's pretty broad in scope so I don't imagine the engineers at Adobe has an easy job. :)

Another round of security updates:

Adobe Flash 10.2.152.26
- Fixes several critical security flaws

All Windows versions have also received critical security updates this week. Make sure to update both Flash and Windows if you don't have automatic updates enabled.

"Klicksafe" - and "Safe Internet Day", which was yesterday : https://www.klicksafe.de/ueber-klick…klicksafe.html

And a little bit more : http://ec.europa.eu/information_soci…p/index_en.htm

I thought sewers are vulnerable to rats…

Thanks for the update hishadow! It is a PITA to track flash updates, and this helps!

Thanks. I'm pretty certain there will be a couple more this year. :biggrin:

Java has just received a hefty amount of security updates. I recommend you upgrade promptly if its installed on your computer. Its actively being targeted in relation to defrauding users of online banking services.

Link: Java JRE 6 Update 24

Hey! It's time again to update Flash. Serious security flaw, as always.

Download: Adobe Flash Player 10.2.153.1
Check: your current version

TY, again! :)

No upgrade this time but a small tip in regard to wireless. Always make sure bookmarks to your email service, banking, etc. begin with https://www.name.com/ which enables a secure connection to the site you're communication with. If you're using a public wireless network, it's very easy for people to eavesdrop on the wireless traffic and log all your username and passwords. Https avoids this problem by establishing an encrypted connection to the site your visiting before sending any data. If you're not visiting Iran that is.

Tada! New security update for Flash. Fixes an exploit that enabled full access to computer.

Download: Adobe Flash Player 10.2.159.1
Check: your current version

It gives my great pleasure to announce this weeks Flash update! Nasty delete-your-hd exploits removed can be found here.

Download: Adobe Flash Player 10.3.181.14
Check: your current version

Gawd, I'm about to disable flash… what is up with all these extremely nasty exploits ?!?!

I don't know.. lots of insecure memory handling in C/C++ in the name of ultra-performance maybe. I'm personally looking forward to seeing how this will play out as an alternative in the future.

Excellant! Thanks hishadow!

Replacementdocs seems to have a huge problem.

I was at the site ca. 5 minutes ago, and out of nowhere Foxit Reader (my replacement for Acrobat Reader) popped up an error message saying : "Not a PDF or corrupted."

Seemingly someone wants to exploit a security issue in Acrobat Reader from there …

Interestingly, I got the Foxit Reader error message pop up even AFTER I had closed the Firefox tab of the "Replacement Docs" site !

The message has arrived there, too : Before closing the Firefox tab of that site, I saw a message about "eplacentdocs" being marked as an infected site somewhere …

Yeah, you should turn off all unneeded plugins that embeds in webpage under Firefox -> Addons -> Plugins. In Internet Explorer it's Control Panel -> Internet Options -> Programs -> Manage Addons -> Toolbars & Extensions (notice how much further you must dig :)). I personally use SumatraPDF which is very lightweight.

Interesting : http://www.h-online.com/news/item/Wo…d-1255388.html

Time to update your Flash again! As usual a serious security flaw has been found.

Download: Adobe Flash Player 10.3.181.23
Check: your current version

For those of you who play Minecraft there is an update for Java which fixes several critical flaws.
Link: Java 6 JRE Update 26

Thanks, again, for the update notices!

*cough* A new critial security vulnerability in Flash.

Download: Adobe Flash Player 10.3.181.26
Check: your current version

Thanks again for that set of links!

With summer vacation done new critial security vulnerabilities awaits Flash.

Download: Adobe Flash Player 10.3.183.5
Check: your current version

Thanks, again, hishadow!

Has there ever been an application with more security issues than Adobe Flash? :)