
Adobe, Flash-The Pwn2Own-ing Continues

  • March 8, 2013

YegorP
After Wednesday saw IE 10, Chrome, and Firefox all get hammered by exploits at this year's Pwn2Own contest, Thursday was Java's and Flash's turn to see if they could withstand the hacking. Both failed. Consequently, more money was handed out to the winners who were able to bypass their defenses. Not surprisingly, Java, which has been an exploit magnet as of late, was easier to exploit than Flash. Researchers from France-based Vupen Security echoed this fact:

"It's more expensive to create a Flash exploit than a Java one," said Vupen CEO Chaouki Bekrar. "Every time Adobe updates Flash, they're killing bugs and techniques and sandbox bypasses, and honestly Adobe is doing a great job making it secure."
 
Perhaps, not great enough, however. Vupen themselves won $70,000 for penetrating Flash Player defenses and George Hotz, who hacked the PS3 in 2010, became the first person to successfully bypass the Adobe Reader sandbox protection. He too was rewarded $70,000.

 
Day two of Pwn2Own continues to go to show that exploits continue to evolve just as the 'exploited' continue to patch up their programs. That's why I can't say enough times that users not only need to be wary of emergency updates, but more importantly, protect their computers with always-up-to-date internet security to make sure they're not caught off guard next time an exploit hits.

 

(Source: VentureBeat)

2 replies

explanoit
Silver VIP
  • March 9, 2013
I would argue that keeping browser plugins up to date is more important than antivirus, though update delivery for Java for normal users leaves large gaps in coverage where antivirus is important.

jgouverneur
Community Leader
  • March 11, 2013
I'd prefer technology to not be dependent on the likes of Oracle and Adobe. Slowly things are moving in that direction with HTML5 and other web standard technologies, but we are still in the Global Vendor lock-in as it stands. Eventually we'll reach the point as with Internet Explorer 6 where websites will no longer require it and we'll be free of those security holes.