Adobe Patches Nine Vulnerabilities In Flash

jones_supa writes Adobe has patched nine vulnerabilities in Flash Player — four of which are considered "critical" — in order to protect against malicious attackers who could exploit the bugs to take control of an affected system. Adobe acknowledged security researchers from Google, McAfee, HP, and Verisign. Flash's security bulletin contains more information on the vulnerabilities. The issues are fixed in mainline Flash Player 16.0.0.257 (incl. Google Chrome Linux version), extended support release 13.0.0.260, and Linux standalone plugin 11.2.202.429.

Are browsers so much better?

[Anonymous+Brave+Guy]

Do you realise that many of the criticisms you're directing toward Flash -- about rapid updates, numerous security fixes including some that were found by others, auto-updating, and so on -- could also be directly aimed at Chrome?

Chrome is an application that actively circumvents the main Windows security model so that it can update executable code on the user's machine without the administrative privileges usually required to install and modify applications. The day someone breaks into Google's update mechanism for even a short time, whether technically or from within the organisation, the damage will be astronomical.

We could discuss related issues with Microsoft's recommended security models and how much of that update mechanism is actually suggested by Microsoft itself rather than Google, but the facts of what Chrome is doing and the potential danger associated with it are still the same regardless of whose idea it was.