| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 6 Sep 2012 13:40:36 -0400 From: Jeffrey Walton <noloader@...il.com> To: James Lay <jlay@...ve-tothe-box.net> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Adobe Flash UpdateInstalls Other Warez without Consent On Thu, Sep 6, 2012 at 1:26 PM, James Lay <jlay@...ve-tothe-box.net> wrote: > On 2012-09-06 11:09, Jeffrey Walton wrote: >> >> The company that writes the worlds most insecure software [1,2,3] has >> figured out a way to further increase an attack surface. >> >> Adobe now includes additional warez in their updates without consent. >> The warez includes a browser and tools bar. The attached image is what >> I got when I agreed to update Adobe Flash because of recent security >> vulnerability fixes. >> >> It appears Adobe has become a whore to Google like Mozilla. >> >> +1 Adobe. >> >> [SNIP] > > Perhaps someone didn't uncheck the checkbox on download.... Fortunately, I still had the browser Windows open (that was opened by the update process): https://get3.adobe.com/flashplayer/download/?installer=Flash_Player_11_for_Internet_Explorer. No check boxes - only instructions to install. Jeff _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists