View Single Post
  #4   (View Single Post)  
Old 15th April 2011
comet--berkeley comet--berkeley is offline
Real Name: Richard
Package Pilot
 
Join Date: Apr 2009
Location: California
Posts: 163
Default Latest Flash Player Vulnerability Reply to Thread

Quote:
Originally Posted by shep View Post
I agree that this is something to think about. The vulnerability is specifically targeted to Microsoft Windows, but it could just as easily be targeted to Linux or FreeBSD.

The heart of the exploit embeds some assembly code for an Intel x86 machine that does an INT 80 to call the operating system to execute an arbitrary shell command.

This same INT 80 is used in Linux x86 :

http://www.cin.ufpe.br/~if817/arquiv....html#syscalls

And the same INT 80 used in FreeBSD x86:

http://www.int80h.org/bsdasm/

This is a good reminder of why not to run the X Window system as root...

I think it is a good idea to separate business activities from entertainment activities.

At home I keep one machine just for entertainment and let it run flash and whatever but I never do business on that machine...
Reply With Quote