[LINK] RFI: Intrusive Internet Mechanisms
Rick Welykochy
rick at praxis.com.au
Wed Dec 1 17:38:47 AEDT 2010
Thanks for the well thought out advice, Karl. I'm thinking about
"sandboxing" my browser.
Karl Auer wrote:
> If you use Flash, you should also set the permissions on the Macromedia
> home directory to forbid writing. I don't know how you would do that in
> Windows, but in Linux it's
>
> sudo chown root:root /your/home/directory/.macromedia
> sudo chmod go-rwx /your/home/directory/.macromedia
Flash is indeed a scary one. Heavens knows what it gets up to. The latest OS X
security update from Apple kinda says it all. Note that each CVE number below
is a different vulnerability, most likely discovered and fixed since the prior
Apple update some FIVE months ago (!)
http://support.apple.com/kb/HT4435
"Flash Player plug-in
CVE-ID: CVE-2008-4546, CVE-2009-3793, CVE-2010-0209, CVE-2010-1297,
CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164,
CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170,
CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175,
CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180,
CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185,
CVE-2010-2186, CVE-2010-2187, CVE-2010-2189, CVE-2010-2188, CVE-2010-2213,
CVE-2010-2214, CVE-2010-2215, CVE-2010-2216, CVE-2010-2884, CVE-2010-3636,
CVE-2010-3638, CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642,
CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647,
CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652, CVE-2010-3654,
CVE-2010-3976
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6
through v10.6.4, Mac OS X Server v10.6 through v10.6.4
Impact: Multiple vulnerabilities in Adobe Flash Player plug-in
Description: Multiple issues exist in the Adobe Flash Player plug-in, the most
serious of which may lead to arbitrary code execution. The issues are addressed
by updating the Flash Player plug-in to version 10.1.102.64. Further information
is available via the Adobe web site at http://www.adobe.com/support/security/"
The need for Flash will lessen with the adoption of HTML5. Although
said adoption will give rise to other privacy issues, as discussed
on this list.
cheers
rickw
--
_________________________________
Rick Welykochy || Praxis Services
aibohphobia - the fear of palindromes
More information about the Link
mailing list