Adobe Flash Zero Day exploit: You are being warned...

1 rating since posting on Wednesday, May 28, 2008
in San Diego
website
(submitted by Băd-Dăwg )

Overall Rating

*****

based on 1 rating
Advertisement
*****
Danger awaits you on the WEB today: Flash Zero Day Exploit is a hackers dream.
Hi folks,

A little over 24 hours ago a new exploit for the latest versions of Adobe Flash Player started being seen in the wild. All versions of Flash are affected and so far Adobe has been silent -- not providing a patch (or any thing else).

The trouble with this exploit is that is is already very wide-spread and Flash is just about the most ubiquitous software at UCSD. There is a Chinese group hacking tens of thousands of websites via SQL injection to insert malicious iframes. This group has started to use this Flash exploit in their iframes which has given the exploit very high exposure. Because of the wide exposure it isn't safe to avoid exploitation by only visiting websites you trust -- we've even had UCSD websites compromised by this group.

Here are a few ways to reduce/eliminate your exposure until Adobe releases a patch:

* Completely uninstall Flash

This is 100% effective and is what I recommend you do.

* Run Firefox with NoScript (noscript.net/) to block all Flash.
You can then make exceptions for websites that are very unlikely to be compromised like YouTube.

This is not safe but is still a good compromise for those that can't go without Flash. NoScript is already a security must-have and this is a good example of how it can help protect you. (It's somewhat difficult so setup and get running, expect to spend some time on this)

* Install the latest bleeding-edge version of Flash from labs.adobe.com/downloads/...ayer10.html

This is not safe because every indication I have suggests that Flash 10 is also vulnerable. All the Flash exploits though are written for Flash 9 and won't work on Flash 10 without serious modification -- something isn't likely to happen.


Enjoy!!!

B-D

- Băd-Dăwg , posted 05/28/08

Adobe Flash Zero Day exploit: You are being warned... was recommended for:

Share/Save/Bookmark
post to tribe
recommend or request

search local favorites

browse