
When Adobe said Flash gives you the full web experience, it meant it. Part and parcel of the web, as we all know, is the good old hacking community, which has been "actively exploiting" a vulnerability in Flash Player 10.0.45.2 (and earlier versions) and Adobe Acrobat and Reader 9.x to overtake people's machines and do hacky stuff with them. This so-called flaw also causes crashes, but that's probably not what's worrying you right now. Adobe says the 10.1 Release Candidate for Flash Player looks to be unaffected, while versions 8.x of Acrobat and Reader are confirmed safe. To remedy the trouble, the company advises moving to the RC for Flash, and deleting authplay.dll to keep your Acrobat from performing undesirable gymnastics. Oh boy, Steve's gonna have a field day with this one.
Jeez flash... not making it easy on yourself are you :)
@hammydbest
Our friend Mr Jobs will be giggling like a schoolkid tonight !!
@hammydbest
I can see him buying shots for every single apple employee tonight
@brianhj Hu? What you guys talking about...
@Threlly
like this?
http://www.youtube.com/watch?v=IraQfhlMwi4&feature=player_embedded#!
@Threlly
Dear Adobe,
Nice going.
-Steve Jobs
Sent from my hand-coded HTML5 email app
@hammydbest
no one cares what Steve thinks
@WindowPhoneOwnsAndroid
Sir, That is quite plainly wrong.
Yours faithfully,
Whitstable J. Smythe Esq.
@WindowPhoneOwnsAndroid
With a name like that, no one cares what YOU think.
@hammydbest
Solution to Reader 9.x vulnerability: use Foxit. Solution to Flash vulnerability: use UAC.
@WindowPhoneOwnsAndroid
Maybe his share holders do.
Durrrrrr.
Are you Becauseitsnotgoogle reborn?
@SolidSnake this DEFINITELY shut me up
i hate being wrong -_-
@inertone
Wrong about what?
@hammydbest Engadget bear baiting. I think you'll find it's more secure than Java.
@hammydbest
You could say the same about iPhone OS too actually.
@hammydbest Easy? It's as easy as keeping your Flash player updated to the latest version. So as long as you are running 10.1, what's the problem. None! lol ....only for those that need something to complain about. FYI .... of all plugins (including ActiveX, Silverlight, Quicktime, etc) FLASH has the best security record according to even Symantec. That's also considering that FLASH is on 90% of the web sites out there!
Bash all you want.... but the reality is if you aren't viewing some kind of FLASH content on sites like YouTube (millions of other) everyday, you'd be missing it, like it or not. The is inundated with FLASH and it won't go away overnight. There are just some things that can't be done as well as FLASH does them. Ads, Games and Videos are only some of them!
If you are using any of the funky HTML5 browser video players, then you know that you may have visited the Test player on YouTube, but didn't stay long. Because if you have the choice (unlike iPlatform iNazis), you know it's CRAPTASTIC without FLASH!!!
@kroneage
10.1 is Beta software. The most current release build of flash is 10.0 which has the vulnerability described.
On top of that, reader is also affected, and the most recent version at that.
I don't hate flash, I use it all the time. I think Apple is stupid for trying to ditch something their users obviously want, and I never buy Apple products. That doesn't change the fact that flash currently has a crippling vulnerability in the release build of its software. Saying otherwise is just fanboyism.
@kroneage
Symantec doesn't exactly have the best track record.
@hammydbest Nice one Adobe, Jobs will rail you on this one
Interesting coincidence, my browser crashed opening Engadget today. Anyone guess what the culprit was?
You Android users looking forward to having a critical vulnerability-ridden plugin that will take months to get updated? How exactly do you get a plugin update on a mobile OS? Not from Adobe I would guess.
A mobile system is not like a desktop that flags up new updates ready to install either so you won't even know until it's too late.
In short, suck it Shambantaman Nanchamayan or whatever his name is.
Oh and for the record, I never buy Apple pishy hardware or software or devices - does that make my opinion more cool with all you guys? Honestly, why do tards even say that - I never buy Apple hardware but then agree with the article as if not owning Apple products somehow makes your opinion any more valid?
@Threlly He'll be like that guy
http://marmalademusings.files.wordpress.com/2009/11/mandark2.jpg
@MrDiSante
time to switch to Internet Explorer for more security!
UAC (or any limited account system) alone won't protect you from user mode malwares getting installed on your user profile through this flaw (this is true on any operating system, as most malware don't need admin/root privilege anymore to run)
However, as Internet Explorer (on vista/7) is the only browser that sandboxes Flash Player and adobe reader, users of Internet Explorer are safe, as this flaw CANNOT be exploited to write on the hard disk. (thus, no malware can be installed through this flaw). UAC must not have been disabled, otherwise IE sandbox is disabled too (protected mode off)
Note that although google chrome is sandboxed, flash running in chrome is NOT sandboxed (it is running in a separate process, outside the google chrome security sandbox!), making users of chrome as vulnerable as firefox, opera, safari, or IE running on XP
@link83
yeah, though i HATE IE (any version) it does have the best security, i actually can't deny it, plus lots of other tests have proved it
i was actually quite surprised when i heard it but, heh, whadda ya know?
@hammydbest
His Steveness pointed this out many, many times and yet the iHaters continue braying about his hidden agenda. CEO Narayan is not fit to gaze upon Lord Steve's magnificent visage.
@Delta
So where you say you don't buy Apple, you can't experience first hand what a heap of crap Flash for OS X is and understand that to many Mac users, it's a system crippling PoS.
Woops.
Not too smart, Adobe. All other arguments aside your security sucks.
@MarkAnderson
and what's your point. every system is full of flaws. try to name one system that doesn't have any security flaws.
@inspiron41 The Death Star
...Oh Wait
@inspiron41
Yes? And?
@Lord Vader
you're too good at that lol
@MarkAnderson
must be steve's secret army at work here. Just to prove the point :)
@greggoo He really is... but we love it...
@inspiron41 Yeah but almost all security experts agree that Flash is the worst!
@inspiron41
but how many systems have as many security flaws as flash?
@Lord Vader But that flaw's no bigger than a Womp Rat, i'm sure it won't be a problem.
@Lord Vader that was soooo epic. just wanted to say that i always enjoy ur comments
on topic : a closed system with controlled or completely closed communication with networks is pretty secure but u can't build an invulnerable system. if u have access u can break it....
@Lord Vader
You continue to impress Mr. Vader
@inspiron41 OpenBSD? _>
@brianhj
For example Quicktime, which according to Secunia reports had more critical vulnerabilities the last few years than Flash.
Considering that Flash is a lot more widespread, and hence a more attractive target, that says a lot about Apple's own standards when it comes to security.
The biggest security threats tend to be JavaScript, Flash, Word and Acrobat, simply due to the ubiquity. If you keep things up to date and use common sense the risks are still small, but if you have really sensitive or secret material on your computer you should preferably not have any of those installed.
I don't know anyone who had their systems compromised by Flash, and while a lot of Apple fanboys keep going on about how insecure Flash is, I have not yet seen or heard anyone that actually got their system compromised by it. If every critical vulnerability in every software would mean a big risk to get infected, our systems would permanently be exploited.
And Apple users should be running 10.1 already, considering how much they've been whining about video playback using CPU, since that makes use of the API for HW acceleration that Apple finally made available.
@MarkAnderson
Maybe they should work on this...
@Psilion
Logic and reason has no place here! Posh posh, flim flam!
@tymiles Wrong: ActiveX takes that spot, and for good reason.
@Lord Vader
LOL
+1000 force points for you (not that you need them anyway)
@d0mth0ma5
Still can't figure out why they didn't just put some plywood over it or something.... :)
@Lord Vader
I must say that was pretty funny, please make me your apprentice.
@Lord Vader
Lord Vader must become a guest writer for engadget.
@MarkAnderson well to be honest html5 has a lot more security issues but that's probably because it has almost no security tool because it's new but I'm sure if it takes off it'll do great
@Lord Vader
for the win!
@tymiles
comparing to what?
another reason why flash should be open sourced, adobe's software is always riddled with security holes:(