Showing posts with label adobe flash security. Show all posts
Showing posts with label adobe flash security. Show all posts

Sunday, July 19, 2015

Google Helps Adobe With Flash Player Security - http://clapway.com/2015/07/19/google-helps-adobe-with-flash-player-security345/

Adobe Looks To Google To Help Them With Disaster


Any news lately regarding the Adobe Flash Player has been something of a fiasco. The security behind it has been an abject failure, leaving an unfathomable amount of data vulnerable. And with vulnerable data comes hackers exploiting it, which has inevitably been occurring. In an age where everything is kept online and must be as safe as possible, Adobe has started looking like an old dog that can’t learn a new trick. They couldn’t buy good press. So they’ve partnered up with Google, a company that not only always has good press, but has a whole section of their site that literally distributes press. Google’s computer security team went to work on the Flash Player to amp up security for the commonly used player, an alliance that could well keep the Adobe Flash Player alive.


Google Noticed Security Problems Adobe Could Not


In the past month, Adobe has had to make quite a number of patches to the Flash Player to prevent CVEs, aka Common Vulnerabilities and Exploitations. Specifically, that number is 38, three of which had been successfully exploited by Hacking Team, an Italian spyware maker with a bizarrely on-the-nose name. According to Adobe, Google discovered 20 of the 38 CVEs they’ve worked to patch up in the Flash Player. Instead of simply reporting these to the Adobe team, the Google team also worked with them to fix these issues and potentially prevent further attacks to the Flash Player.


Three Helpful Defenses Put Into Place


The key to helping protect the Flash Player was knowing what bugs in Adobe were used to exploit it. Ultimately, a lot of the exploitations of the Flash Player came down to extending the length value of an array without relocating it. Doing this allowed you to access memory that you previously couldn’t. Knowing this was a primary source of trouble, Google helped put some defenses in. One defense is known as buffer heap partitioning, which makes changing the length of an array almost impossible to do without crashing it. There’s also a better randomization of the Flash heap. This makes it much more difficult for a hacker to know the memory layout at the moment they intend to exploit it. Lastly, there’s length validation. This adds something to the metadata of an array called a secret. Changing the length of the array changes the secret, and if the hacker can’t find the correct secret for the new length, the Flash Player bails out.


 


get the rokit boost evo bluetooth headphones free in our giveaway!




Google Helps Adobe With Flash Player Security
Posted by at No comments:
Labels: , , , , , , ,

Tuesday, July 14, 2015

Is anyone really going to be sad about #Adobe #Flash being done for good? - http://clapway.com/2015/07/14/adobe-flash-on-its-deathbed-mozilla-blocks-plugin-in-firefox-245/

Adobe Flash is dead. At least, that’s what many tech leaders are hoping will happen soon. Mozilla Firefox began to automatically block the Adobe Flash plugin on Monday night amid security concerns, just a day after Facebook called for the death of the despised plugin.


A Security Threat


The concerns over Adobe Flash emerged after hackers broke into the government-sponsored group Hacking Team’s databases and leaked a treasure trove of documents which tell in detail how cyber criminals have been using the plugin to hack into people’s computers and install malware.


Mark Schmidt, who leads the support team for Mozilla’s Firefox, tweeted, “BIG NEWS!! All versions of Flash are blocked by default in Firefox as of now.”


Facebook’s new chief security officer, Alex Stamos, also tweeted, “It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.”


Adobe Flash is Unreliable


Once upon a time, Adobe Flash was the most sought-after plugin on the internet. It was the standard plugin to use if one wanted their web browser to access multimedia items, such as videos, animations, games, GIFs, and interactive websites. However, over the years, Flash began to cause problems for users. Web browsers and computers started crashing as a result of the plugin’s failure, and security issues have occurred several times over the course of Adobe Flash’s life.


In recent years, many websites have begun to favor the use of the internet markup language HTML5 over the Flash plugin. HTML5 accomplishes many of the same things that Adobe Flash does, and is more secure because it does not require the user to install any plugins.


On its Deathbed


Apple sowed the seeds of Adobe Flash discontent into the mainstream in 2010, when it made it clear that its iDevices would not support Flash. Apple’s late co-founder, Steve Jobs, wrote a lengthy open letter in April of that year entitled “Thoughts on Flash” to explain why he had decided not to adopt Flash support, citing the spotty security and saying that Adobe Flash was “the number one reason Macs crash.” He also explained that Flash was full of bugs and had such a horrible security record. Since then, numerous tech experts have joined the war against Adobe Flash over the years, calling for the plugin’s death.


 


For more tech related news, check out reviews on Clapway Trends:




Adobe Flash on its Deathbed? Mozilla Blocks Plugin in Firefox
Posted by at No comments:
Labels: , , , , , , , ,
Subscribe to: Posts (Atom)