LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)
-   -   Adobe FlashPlayer Security Query (https://www.linuxquestions.org/questions/linux-software-2/adobe-flashplayer-security-query-654090/)

BruisedQuasar07 07-07-2008 09:57 AM

Adobe FlashPlayer Security Query
 
Does anyone know if Flash Player for Linux is neutralized of the Adobe built-in privacy invasion aspect? I asked this in other Linux forums and no one seemed aware that Flash Player has built-in privacy invasion software so businesses that post Flash Player games and clips can spy on users.

I refer to the PIE files (.sol) or more commonly known as LSO (Local Shared Object) files which can send private data back to a paying user's designated online site. For instance, Flash Player can be set (and commonly is) to gather and send audio and video data from any Mic and/or webcam(s).

Supposedly, FP places the SOL files containing hidden LSO in Linux hard drive directory ~macromedia...

If this is so, that means Linux contains a wide open security hole that is not just theoretical but actively exploited. I am amazed that this is not a hot topic at Linux forums!

Anyone know if this Windows & Mac exploit is also a Linux exploit?

--Bruised

alan_ri 07-07-2008 02:14 PM

I've just started to investigate this,and I see strange things start to happen when I'm in .macromedia directory and playing with some commands.Can you belive,I was asked to enter my root password by that .sol file.This is going to be interesting.I knew that flashplayer has been exploited many times,but this,what I see now,looks so mean to me.
Good info Bruised.Even if I have made some steps to disable anything that I don't want to happen on my system and it works,this will maybe end up in finding out what mean things folks in Adobe have tried to do and what they are doing.
If you think about it;flashplayer is security hole,fp has been exploited and lots of other similar info on the web suggests;that should've been fixed by now,but somehow it isn't,I wonder why?

jamesapnic 07-07-2008 05:58 PM

Flash player definitely is a security hole. Any binary program that has such as auto updates could allow an attacker to in theory tunnel into your network through the third party update provider. This doesnt seem too implausible and of course do you really trust Adobe?!


All times are GMT -5. The time now is 10:57 AM.