Home > All, Security Issues, Security News > The Flash Vulnerability Conundrum

The Flash Vulnerability Conundrum

One of my most frequent pieces of advice is ‘use the Firefox browser and install NoScript’. Since malware isn’t malware unless it involves a script, it won’t run with NoScript and you can’t get infected: you can go where you like on the internet in safety.

But it isn’t perfect safety. Flash is ubiquitous on the internet. If you’re running NoScript, it won’t run unless you allow it. This what you see:

NoScript preventing Flash from running in irefox

So what do you do now? You can’t view the very reason you came to this site in the first place. The immediate reaction is probably to temporarily allow scripts on this site. But if you allow scripts, what else will you be exposing yourself to? And what about all the Flash vulnerabilities we hear about?

I’m afraid that there’s no easy answer to this conundrum. If you really want to be secure on the internet, then you run NoScript and never allow any scripts. Actually, if you want to be secure on the internet, you don’t go on the internet. Neither is very realistic for most of us.

There are two things you can do. The first is subjective. Ask yourself, do I really want to see this page? And then, do I really trust this website? If the answer is no to either question, just move on. If the answer is yes, temporarily allow scripts on this page or site – and hope you’re not wrong.

The second is simply to be aware. Watch the alerting systems and note whenever there is a new Flash vulnerability/exploit – and make sure you’ve got the latest version of Flash. You can go here to test the version you’ve got installed – provided you trust me, of course, because you’ll need to temporarily allow scripts to run the test 🙂

Websense is currently warning about a new vulnerability: “Version or earlier is vulnerable.” It recommends upgrading to the release candidate for version 10.1 (which you can do here).

All we can realistically do is be as careful as we can.

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s