Adobe Flash sandbox bypassed?

[Concerned User]

http://www.theregister.co.uk/2011/01..._flash_bypass/

Guess safe browsing habits along with noscript-normal users
browser with sandboxie+non-admin account-risk prone users

are the best options always.

[MidnightCowboy]

I think this is the key to this one:

"An attacker would first need to gain access to the user's system to place a malicious SWF file in a directory on the local machine before being able to trick the user into launching an application that can run the SWF file natively".

Although I always appreciate it when exploits are made public I think some media go OTT with the sensationalism. Yes it's true and yes it can happen (although not easily as far as most of us are concerned). IMO this is typical tabloid journalism

[Taurus]

Quote:

Originally Posted by MidnightCowboy

Although I always appreciate it when exploits are made public I think some media go OTT with the sensationalism. Yes it's true and yes it can happen (although not easily as far as most of us are concerned). IMO this is typical tabloid journalism

MC, as usual, you hit the nail right on the head. If one reacted to every exploit that was made public and then sensationalized in the media and on public forums,
one would be in a constant state of paranoia. Guess that's what security software vendors want. But one cannot react in this manner because one would do much more damage to a machine just changing out security software than any malware or potential exploit ever could.

If it ever gets that bad, well there's an easy resolution button that I have on my machine that I know will work to resolve any exploit. It's called the off button.