Slashdot Mirror

← Back to Stories (view on slashdot.org)

Flash Security Hole

Posted by Hemos on from the who-needs-security dept.

otterpop378 wrote to us about a From report on CNN about a new security hole in Flash. Evidently, it's pretty big, as Macromedia wants everyone to update - sounds like the sandbox isn't quite working as it should.

9 of 18 comments (clear)

  1. If you use gentoo... by JimDabell · · Score: 2, Informative

    This is already fixed in gentoo:

    emerge sync; emerge -u netscape-flash
  2. Nice irony... by $rtbl_this · · Score: 2, Funny

    ...accompanying a story about a serious security hole in Flash with a Flash-based popup advert.

    --
    "Are you being weird, or sarcastic?" said Emma. I said I didn't know because I get the two feelings mixed up.
  3. Re:conspiracy theorist by Khalidz0r · · Score: 2, Insightful

    Heh, a big company wouldn't give up their reputation in security to simply get you to update, there are better ways to do that.

    The worst thing a company would think of doing is announcing that their software is not secure, for whatever reason.

    Khalid

    --
    "What you 'seek' is what you get!"
  4. Re:conspiracy theorist by MarkGriz · · Score: 2

    Funny thing though... there is no mention of this huge security hole on their web page. If they were so interested in security,
    you'd think they would at least announce a "New version of Flash available - now with improved security. Click here to download"

    --
    Beauty is in the eye of the beerholder.
  5. Re:conspiracy theorist by Dudio · · Score: 2, Interesting

    I didn't see anything posted to the lists (Bugtraq, Vulnwatch, Full Disclosure, etc.) about this either, until the Gentoo announcement yesterday. For an issue Macromedia calls critical, they sure are being quiet about it.

  6. Any easy way to temporaily disable flash in IE? by Palos · · Score: 2, Insightful

    This is kind of offtopic, but with a lot of sites using flash for ads that adblockers don't seem to block well, is there a way to disable it temporaily easily? I've seen some sites that show how to get rid of it, but that just brings up a popup anytime you go to a site with it. I swear 95% of the flash out there now is crap, but the other 5% is cool games I want to play :)

    1. Re:Any easy way to temporaily disable flash in IE? by oyenstikker · · Score: 2, Interesting

      www.homestarrunner.com completely justfies flash on its own.

      --
      The masses are the crack whores of religion.
  7. More info by Gogo+Dodo · · Score: 4, Informative
    For those looking for details on the vulnerability, see MPSB03-03 Security Patch for Macromedia Flash Player.

    The short answer is that you need to upgrade to Player 6,0,79,0 (why the heck Macromedia uses commas instead of periods is beyond me).

  8. Macromedia Flash Player RPMS by Laven · · Score: 2, Informative
    http://macromedia.mplug.org

    Hi, I am the maintainer of the Macromedia Flash Player RPMS for Linux. The RPM packages have been updated a few days ago, available in apt and urpmi repositories for various Linux distributions.

    The site has instructions for Gentoo and Debian Linux installation too.