Adobe Flash exploit raises concern

Thankful · May 27, 2008

http://news.cnet.com/8301-10789_3-9952547-57.html

ronjor · May 28, 2008

Adobe Flash Player Unspecified Vulnerability

Critical: Extremely critical

Impact: System access
Where: From remote
Solution Status: Unpatched

Software: Adobe Flash Player 9.x
Click to expand...

Secunia

Diver · May 28, 2008

This is a real PITA as it is difficult to use the web with flash disabled. Probably, Firefox with NoScript is the best defense here.

Its a real shame that the makers of add ons can't seem to get their act together. Look at how many problems there have been with Quicktime and Real Audio as well.

Rmus · May 28, 2008

Diver said:

This is a real PITA as it is difficult to use the web with flash disabled.
Click to expand...

How about if you use a flash placemarker so that you can select when to use flash? This is obviously a multimedia story that I would give the flash the OK here:

_________________________________________________

Most browsers have some similar feature.

Also, knowing the website. Note that in this current flash exploit, that the user is redirected:

Attack code targets new Adobe Flash vuln
http://www.theregister.co.uk/2008/05/27/new_adobe_flash_vuln/

At least 20,000 web pages have been found to carry links to a site that hosts malicious Flash applets that exploit the weakness, according to Symantec researchers. The malicious links are likely to be the result of SQL injections, an attack method that's grown rampant in recent weeks.
Click to expand...

So, if you encountered one of these pages which redirected you to a malicious site, your placeholder would display rather than the flash applet running automatically, and you would certainly choose not to run the flash.

Diver said:

Its a real shame that the makers of add ons can't seem to get their act together. Look at how many problems there have been with Quicktime and Real Audio as well.
Click to expand...

If you look at the analyses for current attacks using these vulnerabilities, you will see that they attempt to download malware, which your basic security certainly would alert to. In this Flash exploit, for example:

Malicious swf files?
http://isc.sans.org/diary.html?storyid=4468

Indeed, hxxp://www.playXXXXXXXXX.com/XX.exe is downloaded
Click to expand...

There is really no reason to be a victim of these types of exploits.

----
rich

dw426 · May 28, 2008

http://www.pcworld.com/businesscenter/article/146396/symantec_backtracks_on_adobe_flash_warning.html

Symantec jumped the gun.

You're safe unless you run Flash as a stand alone app

Rmus · May 28, 2008

Yes - sans.org raised this possibility yesterday in the diary entry I linked above:

Interestingly this SWF file may be exploiting CVE-2007-0071 and not the potentially new previously unknown vulnerability announced by Symantec today, assuming they are different.
Click to expand...

However, the security concerns/solutions remain the same for all of these types of exploits.

----
rich

ronjor · May 28, 2008

Exploitation of Adobe Flash Vulnerability

III. Solution

Upgrade

Upgrade to Flash Player 9.0.124.0 or later. The installation process for Flash Player differs based on web browser platform. Take care to upgrade Flash Player in all supported web browsers.

* Microsoft Windows users should upgrade the Flash ActiveX control by visiting the Adobe Flash Player Download Center using Internet Explorer (IE). This is necessary even if IE is not the primary browser, since other programs may use IE to view Flash content. Alternately, download the stand-alone installer for the Flash Player ActiveX control.
* Users with other web browsers and operating systems should visit the Adobe Flash Player Download Center using each browser that supports Flash. Alternately, download the stand-alone installer for the Flash Player Netscape-style plug-in.

To check the version of Flash Player, visit the Version test for Adobe Flash Player using each web browser that supports Flash
Click to expand...

Cert

Diver · May 29, 2008

It was a bit of a false alarm. Symantec thought the exploit applied to the latest 124 version, but it was 115 and earlier builds that were vulnerable.

ronjor · Jun 2, 2008

false alarm
Click to expand...

The reported security hole in Flash Player can now be given the all clear. The general consensus is that users of the current version 9.0.124.0 are safe. For the first time ever Secunia, one of the most reliable sources of information about security issues, has even revoked its advisory about the hole in Flash Player.
Click to expand...

Story

MrBrian · Jun 3, 2008

I found an interesting blog entry that shows how many people actually bother to update Flash in a timely manner.

After roughly 2 months, less than 20% of users had applied an update that addresses a critical remote code execution vulnerability.
Click to expand...

Actually, you only get revision numbers if the user’s browser is Firefox. I believe it is safe to assume that the average Firefox user would be more Internet security savvy than the average Internet Explorer user, so we may consider these numbers an upper bound.
Click to expand...

We must be careful, however, to make sure that the real lesson isn’t lost while we all breathe a collective sigh of relief: the vulnerability may as well have been zero-day.
Click to expand...

ronjor · Jun 3, 2008

Microsoft Clarifies XP SP 3 Flash Issue

Amid concerns that users of its Window XP Service Pack 3 operating system may be vulnerable to online attacks, Microsoft has finally broken its silence and explained which XP users need to upgrade their Adobe Flash Player software.
Click to expand...

Story

Log in or Sign up

Adobe Flash exploit raises concern

Thankful Savings Monitor

ronjor Global Moderator

Diver Registered Member

Rmus Exploit Analyst

dw426 Registered Member

Rmus Exploit Analyst

ronjor Global Moderator

Diver Registered Member

ronjor Global Moderator

MrBrian Registered Member

ronjor Global Moderator

Log in or Sign up

Adobe Flash exploit raises concern

Thankful Savings Monitor

ronjor Global Moderator

Diver Registered Member

Rmus Exploit Analyst

dw426 Registered Member

Rmus Exploit Analyst

ronjor Global Moderator

Diver Registered Member

ronjor Global Moderator

MrBrian Registered Member

ronjor Global Moderator

Useful Searches