Flash

Google has released version 22 of their popular Chrome web browser and while it doesn’t come with a huge list of changes, there are a couple of features to get excited about if you are concerned with security. Google has infused Chrome with the fully hardware-accelerated Pepper Flash plug-in for Windows users, resulting in what has been described as unrivalled protection against malicious Flash apps found lurking on the Internet.

As proven by the CanSecWest Pwn2Own hacks, the Flash Player plugin that ships with Google Chrome is a major weak spot that has been targeted by attackers.

Not anymore.

Google has quietly tweaked the browser to put Flash in the browser's more restrictive sandbox on all versions of Windows, making it significantly harder to exploit a Flash Player vulnerability to get full system access. The fully sandboxed Flash was included in the Chrome 21 beta release, according to Google's Justin Schuh.

We announced last November that we are focusing our work with Flash on PC browsing and mobile apps packaged with Adobe AIR, and will be discontinuing our development of the Flash Player for mobile browsers. 

Cyber-spies have planted Java- and Flash-exploiting malware on web sites focused on human rights, defence and foreign policy. Over the last two weeks, the Shadowserver Foundation, a nonprofit group that tracks internet threats, has discovered several such compromised web pages that download the malware through visitors' browsers. The malware, which exploits known flaws in Adobe Flash and Java, is aimed at Mac and Windows systems.

A critical security flaw that has been affecting Adobe's Flash Player application now has an update from the software company towards remedying the problem. Actually the flaw had been enabling hackers to exploit it so users could be deceived into taking down malware while browsing in IE (Internet Explorer) that too was getting impacted. Redorbit.com published this on May 6, 2012.

A Flash vulnerability that's being exploited by hackers, to gain control of victims' machines, is the target of a security update released over the weekend by Adobe.

"There are reports that the vulnerability is being exploited in the wild, in active targeted attacks, designed to trick the user into clicking on a malicious file delivered in an email message," Adobe said in a security bulletin.

The Russian security firm that originally acknowledged the Flashback botnet spread across 650,000 Macs continues to analyze the behavior of the Trojan, as “Files downloaded by the Trojan horse from servers controlled by criminals have become one of the main subjects for analysis.”

“Doctor Web virus analysts continue to study the first-ever large-scale botnet created by means of BackDoor.Flashback and comprised of computers running Mac OS X,” says the firm.

Contrary to reports by several security companies, the Flashback botnet is not shrinking, the Russian antivirus firm that first reported the massive infection three weeks ago claimed today.

Despite Apple's release of numerous Java patches and an uninstaller tool, some 140,000 Macs worldwide are still affected by the Flashback trojan that was at one point present on 600,000 machines.

Although malware-affected Macs are on the decline, the numbers are at a point much higher than forecasted by software maker Symantec, according to a Tuesday post on the company's blog.

Coming on the heels of its Thursday Java update, Apple has released a separate program to remove the so-called Flashback trojan that has affected over 600,000 Macs worldwide.