Adobe Flash Issues: Difference between revisions
No edit summary |
|||
(2 intermediate revisions by one other user not shown) | |||
Line 2: | Line 2: | ||
==Overview== |
==Overview== |
||
=== Zero-day exploits in use === |
|||
⚫ | |||
See [https://theconversation.com/using-flash-is-like-leaving-your-home-doors-open-and-sending-invites-to-criminals-44741 Using Flash is like leaving your home doors open and sending invites to criminals] by David Glance, Director of UWA Centre for Software Practice at University of Western Australia. |
|||
⚫ | |||
=== No new updates === |
|||
Adobe has ceased development of the Linux version; there are no new updates. |
|||
⚫ | |||
=== Security updates mechanism === |
|||
⚫ | |||
(Context: in 2010-06 Adobe advised of a [http://www.adobe.com/support/security/advisories/apsa10-01.html security vulnerability] in Adobe Flash Player 10.0.45.2 (and earlier), including the Linux version. Solution is Adobe Flash Player 10.1. Mitigation is to remove the file libauthplay.so.0.0.0 and while this appears straightforward would need to be included in image build scripts, and in some post-installation update mechanism.) |
(Context: in 2010-06 Adobe advised of a [http://www.adobe.com/support/security/advisories/apsa10-01.html security vulnerability] in Adobe Flash Player 10.0.45.2 (and earlier), including the Linux version. Solution is Adobe Flash Player 10.1. Mitigation is to remove the file libauthplay.so.0.0.0 and while this appears straightforward would need to be included in image build scripts, and in some post-installation update mechanism.) |
||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
The license does not permit redistribution, therefore Adobe Flash Player cannot be bundled within an operating system image by OLPC. An alternate license or specific permission is being explored. See [http://dev.laptop.org/ticket/9811 OLPC ticket #9811]. |
The license does not permit redistribution, therefore Adobe Flash Player cannot be bundled within an operating system image by OLPC. An alternate license or specific permission is being explored. See [http://dev.laptop.org/ticket/9811 OLPC ticket #9811]. |
||
Line 21: | Line 30: | ||
===[[OS_images|XO-1 OS]] (Sugar Desktop)=== |
===[[OS_images|XO-1 OS]] (Sugar Desktop)=== |
||
====camera==== |
|||
Browsing Flash apps that use the camera will turn on the indicator light above the camera. Flash 10 shows red and green static which reacts to motion. This means the camera is working, but Flash isn't communicating quite correctly with it. See [http://dev.laptop.org/ticket/8644 OLPC ticket #8644], and [http://dev.laptop.org/ticket/7001 ticket #7001]. |
Browsing Flash apps that use the camera will turn on the indicator light above the camera. Flash 10 shows red and green static which reacts to motion. This means the camera is working, but Flash isn't communicating quite correctly with it. See [http://dev.laptop.org/ticket/8644 OLPC ticket #8644], and [http://dev.laptop.org/ticket/7001 ticket #7001]. |
||
====fonts==== |
|||
Although not recently reproduced or confirmed, "Adobe Flash makes fonts too large", see [http://dev.laptop.org/ticket/5584 ticket #5584]. |
Although not recently reproduced or confirmed, "Adobe Flash makes fonts too large", see [http://dev.laptop.org/ticket/5584 ticket #5584]. |
Latest revision as of 00:47, 16 July 2015
This page is about issues on the OLPC XO with the proprietary Adobe Flash Player Plugin.
Overview
Zero-day exploits in use
See Using Flash is like leaving your home doors open and sending invites to criminals by David Glance, Director of UWA Centre for Software Practice at University of Western Australia.
No new updates
Adobe has ceased development of the Linux version; there are no new updates.
Security updates mechanism
A deployment laptop asset base is a potential target. A mechanism will be required by deployments to ensure that security updates or mitigation can be applied rapidly. OLPC does not provide a mechanism.
(Context: in 2010-06 Adobe advised of a security vulnerability in Adobe Flash Player 10.0.45.2 (and earlier), including the Linux version. Solution is Adobe Flash Player 10.1. Mitigation is to remove the file libauthplay.so.0.0.0 and while this appears straightforward would need to be included in image build scripts, and in some post-installation update mechanism.)
Xv not used
On all Linux devices, including XO-1 and XO-1.5, with all builds, Flash 10 does not use Xv, (Flash 9 did), and performance is significantly degraded. See OLPC ticket #5408.
Redistribution license
The license does not permit redistribution, therefore Adobe Flash Player cannot be bundled within an operating system image by OLPC. An alternate license or specific permission is being explored. See OLPC ticket #9811.
XO-1 Laptop
Issues on the XO-1 Laptop
XO-1 OS (Sugar Desktop)
camera
Browsing Flash apps that use the camera will turn on the indicator light above the camera. Flash 10 shows red and green static which reacts to motion. This means the camera is working, but Flash isn't communicating quite correctly with it. See OLPC ticket #8644, and ticket #7001.
fonts
Although not recently reproduced or confirmed, "Adobe Flash makes fonts too large", see ticket #5584.
Fedora 11 (Gnome Desktop)
placeholder
Teapot's Ubuntu 8.10 (XFCE Desktop)
placeholder
XO-1.5 Laptop
placeholder
XO-1.5 OS (Sugar Desktop)
placeholder
Fedora 11 (Gnome Desktop)
placeholder
Related Tickets
OLPC ticket #9500 "YouTube should just work", as option 3, seeking a way to ship Adobe Flash with associated codec rights.