

Exploiting Type Confusion in Flash - cpeterso
http://googleprojectzero.blogspot.com/2015/07/one-perfect-bug-exploiting-type_20.html?m=1

======
userbinator
Am I correct in saying that this bug is because the system library methods can
be modified (and that the fix is to make them read-only)? If so, that seems
like a huge oversight...

This somewhat reminds me of the quirk of old FORTRAN implementations which
could cause the values of _constants_ to be changed accidentally.

------
jammi
Just uninstall Flash; it's no longer needed for web surfing.

~~~
micro-ram
Agreed. It's time to move on. Uninstall Flash & chrome://plugins Disable.

[http://occupyflash.org/](http://occupyflash.org/)

------
jdangu
Flash security has gotten so bad that security analysts can fully disclose a
vulnerability patched only 2 months ago. There's been ~5 0day events since
then so...

~~~
adestefan
There have been 10 Linux kernel CVEs issued in the last 2 months. That
includes 4 code execution and/or privilege escalation vulnerabilities. That's
not even counting any 0 day's that are (probably) sitting in someone's
toolbox.

The point being that this isn't a Flash/Microsoft/pick your target problem,
but it's an industry wide, software engineering problem.

~~~
arielby
Could you be more specific? The last Debian security update was in April,
which is more than 2 months ago.

~~~
rictic
I'm not the parent, but this is the place to look I believe:
[https://web.nvd.nist.gov/view/vuln/search-
results?query=linu...](https://web.nvd.nist.gov/view/vuln/search-
results?query=linux+kernel&search_type=last3months&cves=on)

