Discussion in 'other security issues & news' started by Thankful, May 27, 2008.
This is a real PITA as it is difficult to use the web with Flash disabled. Probably, Firefox with NoScript is the best defense here.
It's a real shame that the makers of add-ons can't seem to get their act together. Look at how many problems there have been with QuickTime and Real Audio as well.
How about if you use a Flash placemarker so that you can select when to use Flash? This is obviously a multimedia story where I would give Flash the OK:
Most browsers have some similar feature.
Also, knowing the website. Note that in this current Flash exploit, the user is redirected:
Attack code targets new Adobe Flash vuln
So, if you encountered one of these pages which redirected you to a malicious site, your placeholder would display rather than the Flash applet running automatically, and you would certainly choose not to run the Flash.
If you look at the analyses for current attacks using these vulnerabilities, you will see that they attempt to download malware, which your basic security certainly would alert to. In this Flash exploit, for example:
Malicious swf files?
There is really no reason to be a victim of these types of exploits.
Symantec jumped the gun.
You're safe unless you run Flash as a standalone app
Yes - sans.org raised this possibility yesterday in the diary entry I linked above:
However, the security concerns/solutions remain the same for all of these types of exploits.
Exploitation of Adobe Flash Vulnerability
It was a bit of a false alarm. Symantec thought the exploit applied to the latest 124 version, but it was 115 and earlier builds that were vulnerable.
I found an interesting blog entry that shows how many people actually bother to update Flash in a timely manner.
Microsoft Clarifies XP SP 3 Flash Issue