I didn't intend to imply 100% security (actually stated otherwise in last sentence of first paragraph). I'm just saying that the constant security woes associated with Adobe Flash won't be coming to iOS just because Adobe has a product that compiles code for iOS. IIRC, this isn't even really new; Adobe released such a thing previously, it was just that Apple initially banned it and Adobe dropped it. Apple then loosened the rules to allow it and they now have a new product/version to again create code for iOS.
Again, is bad code a virtual certainty originating from an Adobe product? I would think yes. But it won't make iOS automatically vulnerable to exploits targeted at Flash. From: Rod Trent [mailto:[email protected]] Sent: Tuesday, June 21, 2011 10:43 AM To: NT System Admin Issues Subject: RE: FW: US-CERT Current Activity - RIM Releases Security Advisory for BlackBerry PlayBook Isn't it a bit dangerous to assume 100% security? The consumer is steadily becoming complacent due to pretty interfaces and technology that makes them comfortable (lazy). While, on the surface, a code exchange app seems OK, as IT folks we should always play devil's advocate with security, particularly when a known vulnerability felon is involved. Adobe still can't even get their app installations fixed after years of complaints and promises. From: Mayo, Bill [mailto:[email protected]] Sent: Tuesday, June 21, 2011 10:27 AM To: NT System Admin Issues Subject: RE: FW: US-CERT Current Activity - RIM Releases Security Advisory for BlackBerry PlayBook It means that it doesn't add any risk from any Flash vulnerabilities (those things that come out weekly). Flash vulnerabilities are based on the Flash executable/code/plug-in itself, and Flash will not exist in iOS. Developers and/or the Adobe compiler can create bad code (and it probably will) that may get past the checks that the App Store has in place, but that would not be synonymous with having Flash-specific vulnerabilities. While it is certainly feasible that some crafty individual might find a problem with an Adobe/Flash-sourced iOS app and figure out a way to exploit it, that is not the same as having a Flash-specific vulnerability. In other words, you won't be able to go to some page with malicious Flash code (.SWF) on it and have it run on iOS. It will simply be ignored, as it always has been. The things that people can create for iOS with Adobe's tools will just be another app. From: Rod Trent [mailto:[email protected]] Sent: Tuesday, June 21, 2011 10:20 AM To: NT System Admin Issues Subject: RE: FW: US-CERT Current Activity - RIM Releases Security Advisory for BlackBerry PlayBook No...I asked "are you sure?" that it would eliminate any vulnerabilities. From: Mayo, Bill [mailto:[email protected]] Sent: Tuesday, June 21, 2011 10:14 AM To: NT System Admin Issues Subject: RE: FW: US-CERT Current Activity - RIM Releases Security Advisory for BlackBerry PlayBook Yes. Flash is not being ported to iOS. Even if Adobe wrote it (which they won't), it is highly doubtful Apple would allow it at this point. Adobe is just making a cross-platform compiler for their proprietary code. From: Rod Trent [mailto:[email protected]] Sent: Tuesday, June 21, 2011 10:03 AM To: NT System Admin Issues Subject: RE: FW: US-CERT Current Activity - RIM Releases Security Advisory for BlackBerry PlayBook Are you sure? From: Mayo, Bill [mailto:[email protected]] Sent: Tuesday, June 21, 2011 9:48 AM To: NT System Admin Issues Subject: RE: FW: US-CERT Current Activity - RIM Releases Security Advisory for BlackBerry PlayBook The tool to which you refer compiles it into native iOS code. That eliminates any flash-specific vulnerabilities. From: Rod Trent [mailto:[email protected]] Sent: Tuesday, June 21, 2011 9:46 AM To: NT System Admin Issues Subject: RE: FW: US-CERT Current Activity - RIM Releases Security Advisory for BlackBerry PlayBook Not for long. Adobe announced tools to create cross platform apps with Flash yesterday with full capability on iOS. From: Jonathan Link [mailto:[email protected]] Sent: Tuesday, June 21, 2011 9:39 AM To: NT System Admin Issues Subject: Re: FW: US-CERT Current Activity - RIM Releases Security Advisory for BlackBerry PlayBook Makes Apple look smart... On Tue, Jun 21, 2011 at 9:26 AM, <[email protected]> wrote: Anybody expect anything different? As soon as it was announced that it would run full Flash, that told me that it would also run the full suite of Flash vulnerabilities. -- richard Shauna Hensala <[email protected]> wrote on 06/21/2011 08:19:46 AM: > already.... > > [image removed] Shauna Hensala > > > > > Date: Tue, 21 Jun 2011 09:13:56 -0400 > > Subject: US-CERT Current Activity - RIM Releases Security Advisory > for BlackBerry PlayBook > > To: [email protected] > > From: [email protected] > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > US-CERT Current Activity > > > > RIM Releases Security Advisory for BlackBerry PlayBook > > > > Original release date: June 21, 2011 at 8:41 am > > Last revised: June 21, 2011 at 8:41 am > > > > > > RIM has released a security advisory to address vulnerabilities in the > > Adobe Flash Player version included with the BlackBerry PlayBook > > tablet software. These vulnerabilities may allow an attacker to > > execute arbitrary code or cause a denial of service condition. > > > > US-CERT encourages users and administrators to review BlackBerry > > security advisory KB27365 and apply any necessary updates to help > > mitigate the risks. > > > > Relevant Url(s): > > <http://www.blackberry.com/btsc/KB27365> > > > > ==== > > This entry is available at > > http://www.us-cert.gov/current/index. > html#rim_releases_security_advisory_for3 > > > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.5 (GNU/Linux) > > > > iQEVAwUBTgCZBT6pPKYJORa3AQIbfgf9Er6PWQCe83AoIGYXJyjH70ccCgnw0SkV > > K7JeBsHLRx5hnXcBvq2oiC7bhGVZ1Bt2DEa5CoHwWvzaNm/a51JNS6Tenb01BDMQ > > NtQMaR3CjIHeFSS5GEKrvZVUsjAG7KQyE0o5PcQqC7W0fhLLVcKVuvKpUSHBYV/k > > 5mYtUhxiUjnolhSW1gZZB1Ms7ouTBrWx3fyiQKSExSBv8NxT09qTrifjg7ZU/o6p > > YO+CitehG89btzreV6jBXCDl0k1+NYNt0QCL+tzktI5VQJw49dhz4m/djrpMo9Mu > > fzs+SeEINNQpAK9fC4mMkOda+CLSHL5Lj3/h6sngyigszLMBUmasJw== > > =zlLP > > -----END PGP SIGNATURE----- > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: http://lyris.sunbelt-software. > com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
