Linked by David Adams on Wed 16th Apr 2008 15:58 UTC, submitted by supergear
Privacy, Security, Encryption
IBM researcher Mark Dowd has outlined a Flash vulnerability that could allow for a rare cross-platform web-based exploit. Matasano Chargen uses a Super Mario metaphor, an example we can all relate to, to illuminate it.
Thread beginning with comment 309967
RE[3]: Karma..
by andrewg on Wed 16th Apr 2008 21:04 UTC in reply to "RE[2]: Karma.."

Read Touvan's comment above, then read the article again. You will see that this exploit required detailed knowledge of the internal workings of the VM. If the VM had been closed source, developing this exploit would have been more difficult.

Edited 2008-04-16 21:07 UTC

Score: 2

RE[4]: Karma..
by umccullough on Wed 16th Apr 2008 21:36 in reply to "RE[3]: Karma.."

> Read Touvan's comment above, then read the article again. You will see that this exploit required detailed knowledge of the internal workings of the VM. If the VM had been closed source, developing this exploit would have been more difficult.


Ah excellent! Then I guess that makes it seemingly less "Inhuman".

So, certainly this does show that eyeballs *do* review open-source code in the interest of security auditing.

Now, if only the rest of Flash was OSS as well, it could possibly be patched and an update released without waiting for Adobe to fix it themselves.

I have to assume part of Adobe's decision to open the ActionScript engine was to encourage others to fix the problems and submit patches back so that all can benefit.

Note: I'm not necessarily an open-source zealot - but I can certainly see the benefits.

Score: 3