JD jd1008 at gmail.com
Sat Apr 23 15:56:40 UTC 2011

On 04/23/11 06:21, James Wilkinson wrote:
> g wrote:
>> latest flash is
>> anything prior has security and crash problems.
> Craig White objected:
>> the implication being that the specific version mentioned doesn't have
>> known security and crash problems which I think both have been found to
>> be incorrect implications.
> JD asked:
>> Well, have any security exploits been detected
>> or publicized in latest version?
> It is a truism that every non-trivial program has bugs in it. Adobe
> Flash player merely seems to have way more than its fair share.
> Since it is intended to run programs from non-trusted sources, it is
> inevitable that many of these bugs will have security implications.
> After too many security vulnerabilities, too many fixes, and too many
> zero-day exploits going unfixed for too long, running Flash makes it way
> too likely that you are vulnerable to exploits that various criminals
> know about and you don’t.
> At one recent security conference:
>      Paul Baccus, a senior threat researcher at Sophos, asked if anyone
>      from Adobe was in the session. After a pause a voice at the back
>      shouted “Of course not, it’s a security conference.”
>          – Graham Cluley, senior technology consultant at Sophos, quoted
>          in
> http://theinquirer.net/inquirer/news/1736408/insecurity-experts-banish-pdf
> James.
James, you make a good case of security vulnerability
for a large class of software, not just adobe.
I am just very surprised that there is no well working
open source replacement that does not also hog the
cpu. I had tried the gnu flash, and it was not up for
the task.

More information about the users mailing list