Posts tagged ‘Adobe Flash flaws’

As Adobe Flash Player Sandboxed, Chrome Vulnerability Disappears

Vulnerable program as it is, Adobe Flash Player is still too important in Internet field to be ignored by web browsers. In fact, the current market is not only hunting perfect Adobe Flash Player alternatives for web browsers but also trying to figure out methods to make Adobe Flash Player more secure in web browsers. To improve the security level of Chrome, Google has announced that Adobe Flash Player will be sandboxed in newly-released Chrome 23 running on desktop platforms like Windows, Mac, Linux and Chrome OS. To some extent, the sandboxed Adobe Flash Player may lead to the disappearing of Chrome vulnerability.

Chrome and Flash

Sandbox, as a security mechanism, is used to run vulnerable program like Adobe Flash Player. Sandbox a program is just like trapping a man in a virtual world that is highly supervised. He can only act when permission is granted. Moreover, whatever happens to him has little influence to the real world. Theoretically speaking, sandboxing Adobe Flash Player will prevent the automatic installation of malware, stop the downloading of hostile programs existing on malicious web pages and cease the leaking of privacy information caused by Adobe Flash vulnerabilities. Therefore, sandboxed Adobe Flash Player may symbolize the ending of Chrome vulnerabilities caused by Flash Player flaws that may lead to buffer overflow, memory corruption and even security bypass.

This is not the first time Google tries to help Chrome take full advantage of Adobe Flash Player in a safe way. As the owner of YouTube, the largest online video website in the world, Google has to add support to Adobe Flash Player in Chrome. For one thing, Adobe Flash Player is a necessity for Chrome users to watch YouTube videos; for another, HTML5 needs more time to win the battle of HTML5 vs Adobe Flash Player. Chrome first employed Adobe Flash Player as a third-party app. However, Adobe Flash vulnerabilities often got Chrome users in a situation where their computers might be affected by virus or controlled by hackers. Then Google tried to use Adobe Flash Player as a plug-in for Chrome. However, shockwave frequently refused to response to users’ requests, making Chrome an easy-to-crash web browser. Even when new Chrome vulnerabilities caused by Flash flaws were found, users could only fix them by waiting for the new updates from Google. Now, it comes to Google’s sandbox trick.

However, the story of Google and Adobe Flash Player in mobile field is a totally different one. As the developer of Android system, which is a mainstream mobile system at present, Google cooperated with Adobe Flash Player for quite a long time. Android devices running systems from 2.2 to 4.0 can take full advantage of Adobe Flash Player. However, things have changed in Android 4.1, which is also known as Jelly Bean. Google designed Android 4.1 as a system incompatible to Adobe Flash Player. Even the Chrome preinstalled in Jelly Bean devices like Nexus 7 is banned the use of Adobe Flash Player. As a consequence, Adobe Flash Player decided to retreat from Android market on August 15.

New Adobe Flash Flaw Stirs New Security Concern

The vulnerable Adobe Flash once again poses your computers at risk with a new Adobe Flash flaw. In recent days, after taking full advantages of the latest Adobe Flash flaw, a Word document named “iPhone 5 Battery” turns out to be a new menace for personal computers. Consequently, on seeing such document, delete it immediately instead of opening it. Otherwise, a backdoor known as Backdoor Briba, which will disguise an executable file downloaded from remote server as a GIF image, will be executed.

Adobe Flash Flaw

Actually, this is not the first time that hackers tried to attack personal computers via Adobe Flash flaws. In March, an Adobe Flash flaw known as CVE-2012-0779 made it easier for users to attack the computers via custom crafted emails with malicious attachments. In May, the vulnerability described as object confusion vulnerability enabled hackers to execute malicious code and even take control of the computer. Even though those Adobe Flash flaws were fixed with corresponding updates, doubts about the security of Adobe Flash have never ceased.

Just as the old saying, misfortune never comes singly. This year, Adobe Flash not only has to cope with those security vulnerabilities but also face rejections from various companies. After turned down by The new iPad for being a high-energy consuming but low-security concerning application, Adobe Flash was excluded from the supporting list of Android devices running Jelly Bean. Consequently, alternative applications are called for to help users play Flash on iPad or enjoy Flash on Google Nexus 7.

To some extent, Apple product accidentally plays an important role in the popularization of Backdoor Briba. Now as the releasing date of the long-rumored iPhone 5 is approaching, various iPhone 5 rumors were spread. As a consequence, any things related to iPhone 5 can easily stir people’s curiosity. By naming the Word document “iPhone 5 Battery”, the backdoor program gained more chances to be executed and spread. Therefore, not only Adobe Flash vulnerability is being employed by hackers this time but also people’s passion towards the latest Apple mobile, iPhone 5.

As the hit product of Apple, iPhone series has earned both profits and good reputation in recent years. As the latest member of iPhone series, iPhone 5 is rumored to be released in September along with the long-rumored iPad Mini. Though details about iPhone 5 remain unknown, one certain thing is that support for Adobe Flash on iPhone 5 won’t happen. Moreover, even though with improved security, Adobe Flash is not likely to regain its place for the rising of alternative applications.