WARNING: Disable your Flash Player immediately !

Message

Puppy · #1 Post by **Puppy** » Wed May 28, 2008 8:12 am

Adobe Flash Player Unspecified Vulnerability
http://secunia.com/advisories/30404/
Malware Attack Exploiting Flash Zero Day Vulnerability
http://ddanchev.blogspot.com/2008/05/ma ... -zero.html

Extremly critical vulnerability has been found in Adobe Flash Player. Even latest available version 9.0.124.0 is affected. The vulnerability is currently being actively exploited.

XCoalMiner · #2 Post by **XCoalMiner** » Wed May 28, 2008 9:24 am

Explained in more detail here.

leoblob · #3 Post by **leoblob** » Wed May 28, 2008 10:50 am

Any suggestions here? ...given that even the most recent version of Flash player is vulnerable...

Puppy · #4 Post by **Puppy** » Wed May 28, 2008 11:25 am

The only solution is to disable Adobe Flash player in your browser. Additionally this site http://www.securityfocus.com/bid/29386/exploit has an update

"Continued investigation reveals that this issue is fairly widespread. Malicious code is being injected into other third-party domains (approximately 20,000 web pages) ..."

XCoalMiner · #5 Post by **XCoalMiner** » Wed May 28, 2008 11:47 am

This appears to be the most current update, as of midday today: http://isc.sans.org/diary.html?storyid=4474

Their advice:

There are several ways to protect yourself even if you have a vulnerable version of the Flash player.

* In Firefox, you can use either of the following add-ons, NoScript (one of our favorites, found here or here) or FlashBlock (here or here).
* In IE, see here for how to set the "killbit", the CLSID is BD96C556-65A3-11D0-983A-00C04FC29E36.

Puppy · #6 Post by **Puppy** » Wed May 28, 2008 2:54 pm

Recent comment from Adobe http://blogs.adobe.com/psirt/2008/05/po ... e_u_1.html

Puppy · #7 Post by **Puppy** » Thu May 29, 2008 2:53 am

And finally, the latest version 9.0.124.0 is not vulnerable http://blogs.adobe.com/psirt/2008/05/po ... e_u_1.html

XCoalMiner · #8 Post by **XCoalMiner** » Thu May 29, 2008 11:19 am

The lesson learned here is keep all your software up to date.

Unless you have an overwhelming and strong reason not to. And even then consider it.

leoblob · #9 Post by **leoblob** » Thu May 29, 2008 8:40 pm

Thanks for this info. I did find that one of my computers had an older version of Flash and I updated it.

Elwyn · #10 Post by **Elwyn** » Fri May 30, 2008 4:41 pm

leoblob wrote:Any suggestions here? ...given that even the most recent version of Flash player is vulnerable...

If using Firefox/Mozilla then get the addon called "Flashblock". Means you have to OK every flash that wants to load in the background. Makes life easier sometimes with resources

WARNING: Disable your Flash Player immediately !

WARNING: Disable your Flash Player immediately !

Who is online