Shockwave Vulnerabilities Affect More Than 450 Million Systems 130
Trinity writes "Researchers from VUPEN have discovered critical vulnerabilities in Adobe Shockwave, a technology installed on over 450 million Internet-enabled desktops. The vulnerabilities could allow remote code execution by tricking a user into visiting a web page using Internet Explorer or even Mozilla Firefox. Version 11.5.1.601 as well as earlier ones are affected. The vendor recommends upgrading to version 11.5.1.602." Especially sobering when you consider Adobe's current push to be essentially required as an intermediary player for anyone who wants to see certain government data.
Flashblock (Score:4, Insightful)
Not just a good idea. It's the law.
But there's already a patch (Score:2, Insightful)
As there are over a billion computers with Windows vulnerabilities and countless other "at risk" applications that get patched regularly this doesn't sound like a situation all that out of the ordinary. And as with Windows some users will update and some will remain at risk.
Re:Hard to care anymore (Score:5, Insightful)
As a dev, autoupdates are evil. It's great if the updates don't change the behavior of whatever is being updated, but it sucks ass when those updates break or as MS is so fond of, remove functionality.
I've spent the last two months straight dealing work arounds for MS patches that have done this and are rolled out across 15k machines overnight.
Autoupdates are dangerous things. You get unexpected changes with no apparent reason. You have become the beta tester for software companies, and it's become accepted since they will patch it later. Hell, video game consoles are now rolling out buggy games sooner than they should because they can 'patch them later'
how about we up our standards a luittle instead and start requiring better engineering instead of treating updates as acceptable and normal
Re:Flashblock (Score:5, Insightful)
They seem to have surpassed Microsoft in their zeal to get your PC infected...
And considering that they have more marketshare than Microsoft, they can actually pull it off.
Re:Flashblock (Score:5, Insightful)
Being a Director developer, there are some things Director can do that Flash can't:
Make network calls through proxy servers
Access/Modify system resources
Director is actually capable of more than Flash, it just never caught on as well with developers. The mob rules, though.
This may be nice for a developer, but for a user, this is really scary.
Re:Flashblock (Score:3, Insightful)
Flashblock puts a placeholder in front of Flash, Shockwave, Authorware, Java, and Sliverlight.