As said,
What makes Adobe Flash so vulnerable and how does Mozilla Shumway fix it?
Flash related malicious activity is due to malicious website right? Not in Adobe's software right? If so, how can Shumway replace the Flash nightmare??
As said,
What makes Adobe Flash so vulnerable and how does Mozilla Shumway fix it?
Flash related malicious activity is due to malicious website right? Not in Adobe's software right? If so, how can Shumway replace the Flash nightmare??
Adobe Flash is not inherently vulnerable, however Adobe's implementation has had it fair share of severe exploits. My explanation for this is simply history. Flash has been around for a long time. Adobe took over Flash from Macromedia back in 2007, and Flash was already on its 9th version. Back in the early 2000's, security was not on anyone's feature list for software, they were trying to ship features that enhanced the product and made a better experience for their users. Security just wasn't a problem, so it was addressed. Fast forward 5-10 years, and now Flash is all over the Internet and installed in every browser. It makes for a huge attack surface, on a complex codebase. That is why.
Shumway has a few things going for it. First, it can be developed with security as a feature. Regular security checks are happening as the code is being written. Also, its implemented in JavaScript and run in the browser, so it can leverage the browser sandbox. Even if there were a bug in the Shumway code, it would only be able to access the browser, not the host OS (unless there is also a bug in the browser).