Piczilla has been on the receiving end of much grief, famously from Steve Jobs and more recently Microsoft, vis-a-vis Flash Player security. With the release of version 10 and faster responses to known issues, Adobe’s been getting less flak. Nevertheless, Flash is still far from safe.
If you’re like me, you turned off camera and mic access in Adobe Flash Player’s system-wide Settings/Preferences. The problem? That’s a completely useless gesture, as control of these functions is actually held by Adobe.
Steven M. Bellovin writes that a recent Flash Player security flaw exposed by a Stanford University researcher, one that allowed a remote site to turn on a user’s camera and microphone, was quickly patched by Adobe. However, they didn’t do it with a new release — engineers adjusted settings on the company servers where settings are managed.
That’s right — code on a remote computer somewhere decides whether or not random web sites can spy on you. If someone changes that code, accidentally or deliberately, your own computer has just been turned into a bug, without any need for them to attack your machine.
And, if you’re a glass-half-full kind of law enforcement individual, Flash Player has a convenient back door, one that doesn’t require a warrant.
Computer hacker extraordinaire Charlie Miller really summed it up best: “The main thing is not to install Flash”.
It’s little wonder then that Microsoft’s upcoming Windows 8 won’t include Flash…
What’s your take?
via Daring Fireball