Slashdot Mirror


Adobe Flash Exploit Could Log Keystrokes

Kenyon Lessi writes "Adobe has issued three critical security updates, one of which is designed to stop a problem in the way the Flash player interacts with browsers, which could result in users' keystrokes being transmitted to attackers. The problem affects Adobe Flash Player versions 9.0.45.0, 8.0.34.0 and 7.0.69.0, as well as their earlier versions running on all platforms."

6 of 156 comments

  1. Quality by Reality Master 101 · · Score: 2, Interesting

    You know, to be fair to Flash, I have to say that it's an incredibly well-written application overall. It's very small to download and it works very well. Heck, they actually made video consistently work on the Internet! I think you can make an argument that they are solely responsible for making video sites like YouTube viable. All video STILL sucks except for Flash.

    Of course, the quality of Flash is a different question from how it's abused. :) [personally, I don't mind Flash all that much.]

    --
    Sometimes it's best to just let stupid people be stupid.
    1. Re:Quality by Anonymous Coward · · Score: 2, Interesting

      So well written that they couldn't port it to 64bit platforms without rewriting the underlying script host from the ground up.

      That's some "Real Quality Software" right there and it's great that flash is so instrumental in furthering the promise of an open, accessible web. How I wish every web page was a chunk of executable bytecode.

    2. Re:Quality by Anonymous Coward · · Score: 1, Interesting

      "If an application cannot simply be recompiled on a 64-bit host then it is programmed incorrectly. End of story."
      This is the most ridiculous claim I have heard today.

    3. Re:Quality by TheRaven64 · · Score: 2, Interesting

      There are a few projects that really show up Java. One is Flash. Another is Squeak, which manages to run Smalltalk fast enough that you can run video CODECs written in Smalltalk on it even on slightly old hardware. I think the Squeak team really dropped the ball on the whole web thing; a Squeak plugin could have been an incredible platform for rich client-side development (Squeak is still one of the best development environments around), but they concentrated on desktop replacement instead.

      --
      I am TheRaven on Soylent News
  2. Re:Always So Negative by UbuntuDupe · · Score: 3, Interesting

    This sounds kind of like the "exploit" in Second Life, where you can script objects to listen for commands from users, which necessarily allows you to script listening bugs -- just have it listen for whatever people say near it, and IM the results back to you. I actually wrote a few of these and ended up finding out not-too-cool things people were saying about me.

    Anyone know if they've fixed this somehow?

  3. Re:Can't trust 'em by Touvan · · Score: 2, Interesting

    This is very interesting. Like the Java clones before it, this project (swfdec), and gnash show how popular closed source projects have their own way of encouraging something similar to the dreaded "forking" that corporations fear so much. What's interesting about Java is that opening the source seems to have reversed that trend, and we now see some attempts to unify the many Java code bases.

    I wonder if Adobe will figure that out, and open up Flash Player some more.