Spyware Sucks

But here is the dirty little secret of browser security: Even if every Internet browser made today were completely bug-free, it wouldn't stop malicious hackers and malware. Why? Because the vast majority of successful malicious exploits today don't exploit buggy browsers, but rather unwitting end-users. That is, Web-based malware is successful because end-users are intentionally installing it! Most exploit code doesn't search for an unpatched vulnerability, but simply asks the user to install. - Roger Grimes, Infoworld

"There is no magic fairy dust protecting Macs" - Dai Zovi, security researcher and co-author of The Mac Hacker's Handbook.

Flash Player 10 has been released - please install

Announced just a short while ago:
http://blogs.adobe.com/psirt/2008/10/security_bulletin_for_flash_pl.html

As my regular readers know, there are security changes in Flash 10 that *may* impact on the ever problem malvertizements that have been a too-regular topic on this blog (btw, I received an email this morning from an AV company contact to warn me that bloomberg.com has been affected by malvertizing over the past week or so). The update also addresses clickjacking and clipboard hijacking.

Note: Adobe advises that "For customers who cannot upgrade to Flash Player 10, a Flash Player 9 update is currently scheduled for early November."

For what its worth, Flash Player 10 does not give us any additional control via the Flash Player Settings Manager over the inbuilt functionality that malvertizements use to hijack web browsers. Here's hoping the security changes built into Flash Player 10 will mitigate the problems.

Be alert: the installer *pre-checks* the option to install the Google Toolbar - if you're like me, and you don't want the gosh-darned toolbar, you will want to uncheck that option.

Published Thu, Oct 16 2008 9:41 by sandi

Filed under: Security, safety and privacy on the Internet, Vulnerabilities, viruses and exploits

Comments

# re: Flash Player 10 has been released - please install

Saturday, October 18, 2008 6:35 AM by Maik

The way it reads to me, you need to uninstall the previous version before installing the latest version and you need to use the Flash uninstaller to do this. On a Windows pc you need to use the latest uninstaller, released 15 Oct. 2008. See:

kb.adobe.com/.../viewContent.do

# re: Flash Player 10 has been released - please install

Saturday, October 18, 2008 8:51 AM by sandi

As far as I know it is not necessary to manually uninstall Flash 9 before installing Flash 10. The Adobe Security blog makes no mention of such a requirement, nor does the security bulletin, or the Adobe getflash page, or the installation instructions page or the system requirements page.

# re: Flash Player 10 has been released - please install

Monday, October 20, 2008 5:04 PM by Maik

Thanks, you're correct: www.adobe.com/.../messageview.cfm

Spyware Sucks

This Blog

Syndication

Search

Tags

Community

Archives

News

Flash Player 10 has been released - please install

Comments

# re: Flash Player 10 has been released - please install

# re: Flash Player 10 has been released - please install

# re: Flash Player 10 has been released - please install