Re: Flash Vulnerability
 

I'm not seeing any specific info on this bug and adobe was supposed to deliver 10.1 final by now.

Maybe this is a play by Adobe to have everybody update to 10.1 quickly on Monday? lol

Re: Flash Vulnerability
 

oops! sorry :) /facepalm

ha!

Re: Flash Vulnerability
 

Why is it Nokias problem...

I just restarted my desktop and was greeted with a Flash upgrade notice from Adobe,

Flash is a MicroB plugin maintained by Adobe isn't it?
Why shouldn't it then be upgraded by the user of an N900 just as it is for a desktop user when Adobe gets around to making it available.

BTW, Nokia didn't make anyone "vulnerable". They provided a means with which to disable this plugin if you are so concerned.

Just sayin' :)

Re: Flash Vulnerability
 

Woah! I just found a security bulletin from last year that's strikingly similar to the one they just put out.

Last Year:
http://www.adobe.com/support/securit...apsa09-03.html

This Year:
http://www.adobe.com/support/securit...apsa10-01.html

Maybe Flash + Adobe Reader is the only way this is exploitable and not just Flash on it's own. 10.1(or at least the RC) might close itself off to Adobe Reader and that authplay.dll file

Re: Flash Vulnerability
 

You're right about turning it off, I posted earlier:

http://discussions.europe.nokia.com/...unread-message

But I think you're wrong about Adobe support. Nokia provide the flash plug in.. They'd be responsible for a fix, not Adobe..

Re: Flash Vulnerability
 

You will pro'ly find something simular after they released just about every upgrade. :)

The sky is falling.

Re: Flash Vulnerability
 

maybe so but that does not give Nokia an excuse not to have a responsible and timely response process for potential security issues.

other OS vendors do this pretty well.

burying ones head in the sand does not make the problem go away.

communication and recogniton followed by adequate risk mitigation and resolution is really the only acceptable approach.

rgds

Re: Flash Vulnerability
 

This was one of my concerns when choosing the N900.

If certain third party elements are known to suffer regular security hiccups then they shouldn't be an integral part of the O/S and should be treated like a plugin. Patched and updated as and when required, without having to replace/reflash the whole O/S.

Adobe could simply turn around and say "Not our responsibility to fix it", and likewise so could Nokia.

Re: Flash Vulnerability
 

>> communication and recogniton followed by adequate risk mitigation and resolution is really the only acceptable approach.

Nokia, commnication ?

[lol] what earth are you from

Re: Flash Vulnerability
 

A much bigger one than Nokia!

rgds