New Zero-Day Flash Bug Affects Windows, OS X, and Linux Computers 178
An anonymous reader writes "Researchers at the Kaspersky Lab have uncovered a zero-day Adobe Flash vulnerability that affects Windows, OS X, and Linux. 'While the exploit Kaspersky observed attacked only computers running Microsoft Windows, the underlying flaw, which is formally categorized as CVE-2014-1776 and resides in a Flash component known as the Pixel Bender, is present in the Adobe application built for OS X and Linux machines as well.' Adobe has reportedly patched the bug for all platforms. Researchers first detected the bug from attacks performed on seven Syrian computers. The attacks seem to have been hosted on the Syrian Ministry of Justice website, which has led to speculation that these are state-sponsored vulnerability exploits. This speculation is further supported by evidence that one of the exploits was 'designed to target computers that have the Cisco Systems MeetingPlace Express Add-In version 5x0 installed. The app is used to view documents and images during Web conferences.'"
Parent SHOULD NOT be modded flamebait (Score:4, Informative)
As unpopular as it is to say here on HTML-5-worshiping Slashdot, it's true. Flash can still do a lot of things that are either impossible on other platforms, or which suck on other platforms. Try implementing the average Flash game in HTML 5 (can't do it at all) or Java (can do it, but it will bring your system to a crawl) sometime.
Don't shoot the messenger just because you wish the message weren't true.
SWF: 20 fps; SVG: 5 fps (Score:4, Informative)
I just, like many others, wish someone would actually fucking *elaborate* on *concrete* *technical* hurdles of HTML5.
HTML5 has no guaranteed audio or video codec. Some browsers support only free codecs from Xiph and On2, others only patented codecs from Dolby and MPEG-LA. HTML5 implementations in use provide no consistent way for the application to request access to the camera and microphone. Neither IE nor Safari implements the Stream API at all, and Firefox and Chrome implement prefixed (that is, proprietary) versions of it [caniuse.com]. And on my laptop in Firefox 28, this particle system [themaninblue.com] runs at 20 fps in Flash, 9 fps in HTML5 Canvas, and 5 fps in SVG. Unlike HTML5 JavaScript, ActionScript has static typing and class-style inheritance, and some developers prefer those. Finally, copies of old versions of Flash for making vector animations are sold on the secondary market; Edge Animate is available only on a rental basis through Creative Cloud. I'd be interested to see what workarounds you recommend for these.