
Java and Flash vulnerabilities mean Macs are no longer safe from security threats

Karen Haslam | March 8, 2013
Apple has recently taken to blocking Java and Flash via Xprotect, which is not surprising given the alarming number of vulnerabilities discovered so far this year.

Apple blocked Adobe Flash on the Mac due to a series of vulnerabilities. However, while it might mean you are being greeted by fewer adverts, you will no doubt have noticed that iPlayer, 4OD and other on-demand services no longer work. We explain how to get Flash to work again here.

Like Oracle with Java, Adobe has been busy patching vulnerabilities in its Flash Player over the past month. At the end of February, Adobe patched new vulnerabilities in Flash Player that hackers were exploiting in attacks aimed at Firefox users. The company also released patches for Flash Player and Shockwave Player earlier in the month. A total of 17 vulnerabilities were patched in Flash Player, 16 of which were critical and could result in remote code execution.

These vulnerabilities "could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said in a security advisory.

Towards the beginning of February, Adobe released an emergency update for Flash Player on all platforms after two zero-day bugs were discovered in the wild targeting Windows and Mac OS X computers. The vulnerabilities allowed hackers to hijack both Windows PCs and Macs.

Apple's own website was vulnerable

Even Apple has turned out to have security issues on its website. A security researcher discovered a DOM-based cross-site scripting (XSS) vulnerability on the 'Find Locations' subdomain of Apple's locate.apple.com website, writes Softpedia.

Apple has addressed the vulnerability, which could have been used to hijack user sessions and possibly even accounts, according to independent security researcher Mirza Burhan Baig of blackbitz.net.

HTML5 could do data dumps

There is a movement towards HTML5 as a replacement for Flash, but it should be noted that even that may open up certain vulnerabilities.

A flaw in the HTML5 coding language could allow websites to bombard users with gigabytes of junk data, according to an Apple Insider report.

Developer Feross Aboukhadijeh claims that the data dumps can be performed on most web browsers, including Apple's Safari. Only Firefox capped the data dump at 5MB.

A loophole allowed HTML5 programmers to bypass the data cap imposed by browsers. Aboukhadijeh was able to dump 1GB of data every 16 seconds on his SSD-equipped MacBook Pro with Retina display, according to the report.

 
