Some more detail about recent Adobe Flash bug fixes (and defenses).
This link explains generally what was done between Adobe and Google
recently to fix as well as beef up Flash player self-defense. One thing
that becomes apparent is that some of these defenses are based on 64-bit
memory address manipulation to help hide where objects are located in
Flash's memory heap. Chrome and Internet Explorer are 64-bit but
Firefox is still 32-bit. It can use some but not all of the newly
developed defenses. Mozilla released a 64-bit developer's edition of
Firefox last March but there is no public release date yet. Part of the
problem is that many Firefox plug-ins are still 32-bit.
<http://gadgets.ndtv.com/internet/news/adobe-and-google-partner-to-bolster-flashs-defence-against-zero-day-attacks-717479>
I can't evaluate the full significance of this but if you want the
ultimate in Flash defenses against malware you should probably be
running Chrome or maybe Internet Explorer. It's not clear to me whether
Adobe has actually implemented the 64-bit tricks in the IE version of
Flash. But it is clear that it has been done in the latest version of
Chrome.
If you're a programmer you might like to read the nitty-gritty detail
from Adobe
<http://googleprojectzero.blogspot.in/2015/07/significant-flash-exploit-mitigations_16.html>
Chuck Norcutt
--
_________________________________________________________________
Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
Archives: http://lists.thomasclausen.net/mailman/private/olympus/
Themed Olympus Photo Exhibition: http://www.tope.nl/
|