Google fixes Flash's security issues ahead of Adobe

[err0r]

Google (GOOG) today fixed the recent Adobe (ADBE) Flash Zero-day exploit in which a devious hacker could embed a malicious Flash file in an Excel document and if opened can compromise Windows-based computers. Microsoft says that Office 2010 users aren't vulnerable. Apple's (AAPL) Macintosh users aren't also vulnerable to this particular attack, though others could be developed using this vulnerability.

 

Adobe's Flash detractors certainly have a good argument against using the software if an exploit exists in the wild and Google has the only current fix.

 

But it also shows that Google's browser security model works well. Google controls the version of Flash in Chrome and controls updates to the software. In this case, it pushed and update before Adobe has.

 

Google is coming off a ConSecWest where no one was able to hack its Webkit-based browser. As is tradition, Apple's Safari Browser (also based on WebKit) was hacked within seconds of the conference opening. Apple issued security updates the same day as the hacking so it isn't clear if the updates would have saved its browser. Microsoft's (MSFT) Internet Explorer and mobile versions of the Webkit browser on both Apple's iOS and RIM's (RIMM) Blackberry were also hacked.

 

One easy fix: remove Flash.

 

Daring Fireball's John Gruber reccomends removing Flash from your computer and letting using Google Chrome (with its embedded Flash player) handle any sites with Flash.

 

Google has a lot invested in Chrome and having a great security pedigree will only improve its chances of gaining market share, especially in Enterprise.

 

Google has aimed its ChromeOS operating system squarely at enterprise where it hopes to undercut Microsoft on price, performance and ease of administration. You can bet that CIOs that are considering the deployment ChromeOS take security very seriously.

 

Source: Seth Weintraub