|
|
|
|
|
|
by shakna
3354 days ago
|
|
|
> size of scope of Flash's security problems are _way_ beyond just a DRM blob. Not sure about that, considering the Widevine's CVEs on Android have been quite bad with privelege escalation and sandbox escaping. A bad video can still be enough to burn your system. That's a full security scope right there. |
|
|
[0] http://www.cvedetails.com/cve/CVE-2015-6639/ - Integrity Impact Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
It is also worth noting that finding vulnerabilities may be a crime in many jurisdictions [1] (thanks to the DCMA), which would prevent researching coming forward.
[1] https://www.eff.org/deeplinks/2016/03/interoperability-and-w...