Adobe Flash vulnerable to remote-execution exploit

Already under the gun for a critical hole in its ubiquitous Acrobat Reader, Adobe's security team has pushed out a fix for another serious vulnerability, this one in the company's Flash animation software. The remote code execution vulnerability has been confirmed in Flash for Windows and is believed to also affect versions that …

COMMENTS

This topic is closed for new posts.
Yes, Flash 10 is vulnerable.

http://www.adobe.com/support/security/bulletins/apsb09-01.html

The link IS in the advisory that El Reg links to, but the iDefense advisory sucks royally.

"iDefense has confirmed the existence of this vulnerability in latest version of Flash Player, version 9.0.124.0. Previous versions may also be affected."

Well, that's not the latest version of Flash Player, not by a long mile. This marks down iDefense as an unreliable source for advisories in my book.

For IE 8

Running IE 8.0.7000 on the Win 7 beta I was unable to get Adobe's download page to install the new version (the ActiveX installation from their download page simply wouldn't start). WTG Adobe!

Solution:

1) D/L the flash uninstaller from

http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_14157&sliceId=1

and uninstall the old Flash ActiveX control. (IE 8 in its infinite wisdom offers no way to uninstall add-ons /rolleyes.)

2) D/L the update for Flash CS4 Pro from

http://www.adobe.com/support/flashplayer/downloads.html#fp10

unzip it and run the Flash ActiveX installer from the Release directory.

3) Curse the fact that you need to keep IE hanging around to check compatibility issues (/bitter laugh).

For once I'm glad...

...that I'm stuck using Flash 7 on a MIPS-based netbook.

Security through obscurity (and being a bit rubbish).

Flash? Just say NO ...

Most flash on web pages is used to cause continual annoyance that only makes it harder to read anything else that's on the screen.

Firefox and Flashblock provide the answer. We don't see these annoyances in the first place.

Better still would be for web sites to implement proper NoFlash web pages which would make the whole web a more user-friendly place. Except in the rare cases where the flash actually performs a useful FUNCTION -- and that does not mean unnecessary embellishments or adverts.

Anything?

"... The vulnerability is separate from a security bug in Adobe's Acrobat Reader program that is currently under attack."

Jeez! Does Adobe distribute anything (internet-facing) that's not "currently under attack"?

Hasn't been a problem for me

Although the proxy config lines below may have been a factor:

# =< Block Nasty Types >=======================================================

/*.*.swf
