There’s a new Flash vulnerability out in the wild today. It appears that it’s already being put to use to install malware.
A few weeks back Aviv Raff disclosed a vulnerability in IE 7 and 8 that could also be used to install malware on a system.
This continues to prove my point that features like noscript will have to become native to web browsers in future generations. This idea of browser security from an “only approved” approach rather than a “everyone except” approach. This, in turn, will mean users see your web site first without any Flash or Javascript enabled. Will your web site still work? It better, otherwise these people won’t bother enabling these features if they can’t know to trust your site.
On a side note, I attempted the exploit Aviv Raff detailed on a few of my own computers (as well as those of friends) and immediately noticed that Vista would warn users before any external applications were run. So even if you were browsing an exploited site you remained fairly well protected on Vista (as long as you don’t just click “allow” automatically which, I fear, is exactly what Vista users learn to do within their first week of exposure to the OS.
Still, chalk one up for Vista that if your browser fails you still have a chance at keeping yourself protected.
0 Responses
Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.