This week in computer security

There's a new Flash Player out. The last one got some nasty security faults so upgrading is highly recommended.

Link: Adobe Flash Player 10.1.102.64

Thanks for the info.

How many times i hear the news of the Flash Player has serious security issue?. I think someone should get fired for that.

I agree with Apple and find Flash a PITA. It's always breaking and needing updates. Maybe someone can explain why it's so unstable….

Originally Posted by Remus
How many times i hear the news of the Flash Player has serious security issue?

That's why it's "This week in computer security". Stay tuned for more.

Originally Posted by Thrasher
I agree with Apple and find Flash a PITA. It's always breaking and needing updates. Maybe someone can explain why it's so unstable…

Because Flash is written in a system programming language where it's possible for software developers to make lots of mistakes. It's virtually impossible to guarantee the absence of these kinds of security errors. The same problems apply to Apple too.

What language are you referring to?

It's most of the times a combination of C, C++, and assembler (machine language) code. The problem with these languages is that instructions and the information they handle are equal as far as your actual machine is concerned. It's just a series of 0's and 1's. If one set of instructions handle some information incorrectly, the information can become instructions and hijack the process.

Most programs are written in those languages. There's no excuse that Flash should be more buggy than others written in the same languages.

Here's a 2010 listing that ranks by number of severe vulnerabilites in common software (link):
1. Google Chrome (76)
2. Apple Safari (60)
3. Microsoft Office (57)
4. Adobe Reader og Acrobat (54)
5. Mozilla Firefox (51)
6. Sun Java Development Kit (36)
7. Adobe Shockwave Player (35)
8. Microsoft Internet Explorer (32)
9. RealNetworks RealPlayer (14)
10. Apple WebKit (9)
11. Adobe Flash Player (8)
12. Apple QuickTime (6) og Opera (6)

Yet, there's updates to flash nearly every month, and sometimes more often. AND it crashes and causes slowdown regularly… Clearly the Flash problems are not just about server vulnerabilities.

I think he meant "severe vulnerabilities".

Yes, I interpreted that as security vulnerabilities. I was writing about crashes and slowdowns (i.e. reliability, and performance) rather than security issues.

Originally Posted by Thrasher
Yes, I interpreted that as security vulnerabilities. I was writing about crashes and slowdowns (i.e. reliability, and performance) rather than security issues.

OK. Since you wrote "server vulnerabilities" I though you misunderstood what he meant by "sever vulnerabilities" (assuming that he really meant to write "severe…").

Not important.

LOL! Yes , I think I compounded one typo with another… aiiiii….

That was a typo by me.

In defence of Flash, it's installed and running on pratically every computer in the world connected to the internet. It's interacting with video, graphics and sound. In addition it must validate and run "untrusted" virtual machine instructions from any website delivering Flash content to your webbrowser. It's pretty broad in scope so I don't imagine the engineers at Adobe has an easy job.

Another round of security updates:

Adobe Flash 10.2.152.26
- Fixes several critical security flaws

All Windows versions have also received critical security updates this week. Make sure to update both Flash and Windows if you don't have automatic updates enabled.

"Klicksafe" - and "Safe Internet Day", which was yesterday : https://www.klicksafe.de/ueber-klick…klicksafe.html

And a little bit more : http://ec.europa.eu/information_soci…p/index_en.htm

Originally Posted by pibbur
"sever vulnerabilities" (assuming that he really meant to write "severe…").

I thought sewers are vulnerable to rats…

Thanks for the update hishadow! It is a PITA to track flash updates, and this helps!

Thanks. I'm pretty certain there will be a couple more this year.