Adobe Flash exploit raises concern

Discussion in 'other security issues & news' started by Thankful, May 27, 2008.

Thread Status:
Not open for further replies.
  1. Thankful

    Thankful Savings Monitor

  2. ronjor

    ronjor Global Moderator

    Secunia
     
  3. Diver

    Diver Registered Member

    This is a real PITA as it is difficult to use the web with flash disabled. Probably, Firefox with NoScript is the best defense here.

    It's a real shame that the makers of add-ons can't seem to get their act together. Look at how many problems there have been with Quicktime and Real Audio as well.
     
  4. Rmus

    Rmus Exploit Analyst

    How about if you use a flash placemarker so that you can select when to use flash? This is obviously a multimedia story that I would give the flash the OK here:

    [Image: flash_carroll.gif]

    Most browsers have some similar feature.

    Also, knowing the website. Note that in this current flash exploit, the user is redirected:

    Attack code targets new Adobe Flash vuln
    http://www.theregister.co.uk/2008/05/27/new_adobe_flash_vuln/
    So, if you encountered one of these pages which redirected you to a malicious site, your placeholder would display rather than the flash applet running automatically, and you would certainly choose not to run the flash.

    If you look at the analyses for current attacks using these vulnerabilities, you will see that they attempt to download malware, which your basic security certainly would alert to. In this Flash exploit, for example:

    Malicious swf files?
    http://isc.sans.org/diary.html?storyid=4468
    There is really no reason to be a victim of these types of exploits.


    ----
    rich
     
  5. dw426

    dw426 Registered Member

  6. Rmus

    Rmus Exploit Analyst

    Yes - sans.org raised this possibility yesterday in the diary entry I linked above:

    However, the security concerns/solutions remain the same for all of these types of exploits.


    ----
    rich
     
  7. ronjor

    ronjor Global Moderator

    Exploitation of Adobe Flash Vulnerability
    Cert
     
  8. Diver

    Diver Registered Member

    It was a bit of a false alarm. Symantec thought the exploit applied to the latest 124 version, but it was 115 and earlier builds that were vulnerable.
     
  9. ronjor

    ronjor Global Moderator

    Story
     
  10. MrBrian

    MrBrian Registered Member

    I found an interesting blog entry that shows how many people actually bother to update Flash in a timely manner.

     
  11. ronjor

    ronjor Global Moderator

    Microsoft Clarifies XP SP 3 Flash Issue
    Story
     