Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Zero-Day Flash Bug Affects Windows, OS X, and Linux Computers

Posted by Soulskill on from the you-can-count-on-flash dept.

An anonymous reader writes "Researchers at the Kaspersky Lab have uncovered a zero-day Adobe Flash vulnerability that affects Windows, OS X, and Linux. 'While the exploit Kaspersky observed attacked only computers running Microsoft Windows, the underlying flaw, which is formally categorized as CVE-2014-1776 and resides in a Flash component known as the Pixel Bender, is present in the Adobe application built for OS X and Linux machines as well.' Adobe has reportedly patched the bug for all platforms. Researchers first detected the bug from attacks performed on seven Syrian computers. The attacks seem to have been hosted on the Syrian Ministry of Justice website, which has led to speculation that these are state-sponsored vulnerability exploits. This speculation is further supported by evidence that one of the exploits was 'designed to target computers that have the Cisco Systems MeetingPlace Express Add-In version 5x0 installed. The app is used to view documents and images during Web conferences.'"

4 of 178 comments (clear)

  1. Long story short by Anonymous Coward · · Score: 5, Insightful

    flash is equally bad on all platforms web guys please stop using it.

    1. Re:Long story short by popo · · Score: 2, Insightful

      Yawn... "another HTML5 is almost there" post. Technology is either here or it's vapor. .. And it's not here.

      --
      ------ The best brain training is now totally free : )
    2. Re:Long story short by Dixie_Flatline · · Score: 4, Insightful

      One of the best things Steve Jobs ever did for the security of computing around the world is slowly crush Flash under his heel.

      It's bad.
      It's always been bad. Apparently, it will always be bad.

      Just let it die. It's a CPU and memory hog (another good reason not to use it on mobile; the CPUs these days can handle it, but it's bad for battery life) and it's a massive security hole. Why in the world should it get a pass? Someone at Adobe should've nuked it from orbit years ago.

  2. Seriously: why doesn't Flash just die? by dsinc · · Score: 4, Insightful

    I'm not a Flash developer, so I'm asking very seriously: is there a compelling reason to keep using Flash in 2014? For the past several years, the only notable things associated with this technology have been major security holes.