Adobe Reader X and XI for Windows suffer from an out-of-bounds write in CoolType.dll.
Monthly Archives: September 2015
As Adobe Flash gets phased out, we certainly won’t be pining after it

This September 1 didn't just bring the usual back-to-school (or back-to-work) rush we see every year; it also ushered in a hotly anticipated move from Google. Last June the company announced that from this date its Chrome browser would start pausing, by default, Flash content that isn't central to a page, animated ads above all. In practice, Flash-based animated ads no longer autoplay in Chrome.
This looks like the final nail in the coffin for the much-maligned plugin, which Steve Jobs criticised in 2010 when he refused to allow it on Apple's iPhone. More than five years have passed since Apple's co-founder predicted that the smartphone and tablet boom would happen without any need for Flash: "New open standards created in the mobile era, such as HTML5, will win on mobile devices (and PCs too)".
His prediction about Flash has proved correct, although HTML5 is still competing with native apps for dominance on mobile devices. Flash stopped being a problem on mobile some time ago, as both Android and iOS dropped it years back, and now its days are numbered on desktop computers as well.

In July, Mozilla also blocked Flash in Firefox, though only as a temporary measure that lasted a few days until Adobe patched the actively exploited vulnerabilities. Now that Google has taken the lead, the other browser vendors may well follow suit, and with good reason.
Flash has become a principal route for malware onto a laptop. In 2014 the National Vulnerability Database (NVD) recorded 76 Flash vulnerabilities, 65 of them rated high severity and 11 medium. After web browsers themselves, that makes Flash the main entry point for cybercriminals.
For this reason Google switched YouTube to HTML5 by default instead of Flash, following similar moves by Netflix and Vimeo.
Adobe's troubles don't end there: Amazon has also banned Flash-format ads on its platforms, and Facebook's Chief Security Officer, Alex Stamos, publicly called on Adobe to set an end-of-life date for Flash:
It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.
— Alex Stamos (@alexstamos) July 12, 2015
So: it drains your laptop's battery, slows page loads, and above all has a long history of letting cybercriminals run riot on your computer. When all is said and done, few will miss it when it's gone.
The post As Adobe Flash gets phased out, we certainly won’t be pining after it appeared first on MediaCenter Panda Security.
CVE-2015-6939
Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. (CVSS:4.3) (Last Update:2015-09-23)
DSA-3361 qemu – security update
Several vulnerabilities were discovered in qemu, a fast processor emulator.
DSA-3362 qemu-kvm – security update
Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.
Understanding AVG’s new privacy policy
Our CEO, Gary Kovacs, announced at Mobile World Congress that AVG was developing a clear and simple version of its privacy policy for its users, and challenged the industry to do the same.
The new privacy policy does not come into effect until October 15th. We released the new privacy policy a month before it becomes effective to give our users time to provide any feedback they might have.
When creating our new policy format, we decided that our customers should have the ability to choose whether or not to participate in our anonymized data collection program.
We are currently adding this option to some of our FREE consumer products, and we can confirm that no sharing of data will happen until our customers are able to make this choice.
Most software products and websites collect usage data.
Usage data allows them to customize the experience for their customers and also share data with third parties that allow them to improve or develop new products. Knowing that 10 million users like a certain TV program gives broadcasters the data to get producers to make more of that type of program. This is also how taxi firms know how to distribute their fleets; and how advertisers know where to place banners and billboards, for example. Even at AVG, we have published non-personal information that we have collected regarding App performance.
We do not, and will not, sell personally identifiable data to anyone, including advertisers.
AVG has continually challenged the industry to simplify its privacy policies and provide an informative, one-page view. We are proud of our new privacy policy and intend to continue our drive for more transparency and greater user choice.
RHSA-2015:1808-1: Important: rubygem-openshift-origin-console security update
Red Hat Enterprise Linux: Updated rubygem-openshift-origin-console packages that fix one security issue are now available for Red Hat OpenShift Enterprise 2.2. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the references section.
CVE-2015-5274
Details Surface on Patched Bugzilla Privilege Escalation Flaw
Bugzilla users should upgrade to current versions after a privilege escalation vulnerability was reported and patched.
CVE-2015-1319
The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically proximate attackers to mount removable media while the screen is locked as demonstrated by inserting a USB thumb drive.
CVE-2015-4040
Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors.
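The F5 advisory above gives no vectors, so nothing here reproduces the BIG-IP bug itself. What follows is an added, generic example of the check that stops this bug class: it is not F5's code, and the web root path and request strings are constructed for illustration. The idea is to build the candidate path, resolve it (including `..` segments and symlinks), and only serve it if the resolved path still lies under the resolved web root. Note that the check is applied regardless of whether the caller is authenticated; "remote authenticated users" in the advisory only describes who could reach the vulnerable handler.

```python
import os
from typing import Optional
from urllib.parse import unquote


def safe_resolve(web_root: str, requested: str) -> Optional[str]:
    """Map a URL path onto the filesystem, confined to web_root.

    Returns the resolved absolute path, or None if the request would
    escape the web root (directory traversal, absolute path, or a
    symlink pointing outside). Percent-encoding is decoded exactly once,
    so "%2e%2e" is caught but a double-encoded "%252e%252e" stays a
    literal (harmless) file name inside the root.
    """
    decoded = unquote(requested)
    # os.path.join discards web_root if `decoded` is absolute; the
    # containment check below still rejects that case.
    candidate = os.path.join(web_root, decoded)
    root_real = os.path.realpath(web_root)
    cand_real = os.path.realpath(candidate)
    # Both paths are absolute, so commonpath never raises here.
    if os.path.commonpath([root_real, cand_real]) != root_real:
        return None
    return cand_real


def classify(web_root: str, requests: list) -> dict:
    """Label each request 'ok' or 'rejected' (useful as a quick audit)."""
    return {
        req: ("ok" if safe_resolve(web_root, req) is not None else "rejected")
        for req in requests
    }


if __name__ == "__main__":
    # Constructed sample requests; the web root is hypothetical.
    ROOT = "/var/www/html"
    SAMPLES = [
        "index.html",
        "css/../index.html",
        "../../etc/passwd",
        "..%2F..%2Fetc%2Fpasswd",
        "/etc/passwd",
        "%252e%252e/%252e%252e/etc/passwd",
    ]
    for req, verdict in classify(ROOT, SAMPLES).items():
        print(f"{verdict:8} {req}")
```

The comparison is done on `os.path.realpath` output on both sides so that a web root that is itself a symlink (or lives under one, as `/var` does on some systems) compares consistently, and so that a symlink planted inside the root cannot be used to reach outside it.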